Connection losses between ZyWALL310 and USG20W-VPN

steve15f
steve15f Posts: 16  Freshman Member
Friend Collector First Comment
edited April 2021 in Security
Hi dear,

i'm writting you a topic because i've a problem, connection losses, randomly my IPSec connection between the datacenter (ZyWALL310) and the customer (USG20W-VPN) is lost.

I receive from the ZyWALL310 an alert message, connectivity-check, the link status of the tunnel VPN is inactive. We have some microswitch-off on the customer side (USG20W-VPN), the tunnel is still open / connected but not working really. Do you know if is it possible to setup something different to decrease the sensibility about disconnect ?

Do you have an idea ?

thanks a lot.

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2019

    Hi @steve15f

    Welcome to Zyxel community. :)

    You can try to enable both site VPN phase 1 DPD, and confirm that if the “nail-up” is ticked on VPN phase 2.


  • steve15f
    steve15f Posts: 16  Freshman Member
    Friend Collector First Comment
    HI @Zyxel_Cooldia

    thanks :) and thanks for your reply.

    i've enabled both site VPN DPD, and i've enabled the "nail-up" on the customer VPN site where there are the microswitch-off. Before, the "nail-up" was enabled on the Datacenter VPN site (no microswitch-off)

    what do you think ? thanks
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @steve15f  

    As you mentioned in first post, the VPN tunnel disconnect issue may coming from connectivity-check function.

    What’s the IP address is configured in connectivity-check on ZyWALL310?

    Will this IP address reply the ping request?

    Can you take screen shot of your VPN setting on ZyWALL310 and VPN20W-VPN?


  • steve15f
    steve15f Posts: 16  Freshman Member
    Friend Collector First Comment
    Hi,
    Thanks for your reply.
    You can find attached the config of the USG20W-VPN and the ZyWALL 310. VPN Connection setup.

    Do you need some info about the config of the VPN Gateway ?

    The ZyWALL 310 (Datacenter side) make a check with the address of the USG20W-VPN (192.168.1.1) on the customer side.

    The USG20W-VPN (Customer side) make a check with the adress of an Microsoft WIndows Server (192.168.105.10) on the datacenter side.

    thanks a lot
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @steve15f

    It looks your connectivity check setting is correct, but still not sure what caused the disconnect issue.

    I will send you private message for check this issue much details.

  • steve15f
    steve15f Posts: 16  Freshman Member
    Friend Collector First Comment
    Thanks a lot

Security Highlight