ZW5 ZW5 VPN unstable
I often work from home using a VPN connection. Our office has a ZW5. Previously I had a ZW2WE, but the VPN was never 100% stable and so to increase stability I upgraded to a ZW5, too. Both ZW5s were running the same firmware (v3.64 XD.0), but the VPN still wasn't stable, so we upgraded them both to XD.3 last week. It's still not stable, and we're getting a bit desperate.
What happens is that the VPN tunnel runs fine for a few hours, but then traffic stops getting passed. According to both routers, the VPN tunnel is still up and running. Doing a disconnect/reconnect on the main office router usually fixs the problem, but sometimes we have to reboot it. Doing the same thing on my router does *not* fix the problem, which makes this problem especially bad - I cannot fix it myself - I have to call into the office and ask them to fix it.
The tunnel is IKE ESP-DES-SHA1. Nailed up is not checked (we tried checking it, but this didn't help). Check IPSec Tunnel Connectivity (and Log) is checked, but this doesn't seem to help, either. We are starting to wonder whether our office ZW5 (which is much older than the new one) is faulty.
Any ideas? Thanks in advance for all replies.
First I would try the following:
- Enable Nailed up
- Tweak Idle timeout timers (command line only?)
Then I would add:
- Setup a ping across the tunnel every 10 seconds
Then finally I would:
- Verify IKE/IPSec Lifetimes are set to 28800 (default)
- Try changing IKE/IPSec Lifetimes
Side note: You might want to try AES or 3DES encryption as it is more secure and doesn't seem to affect performance.
|reply to hyslopc |
Any chance that you are using SBC DSL with Dynamic IP? Although the Speed Stream DSL modem claims to be passing the WAN IP to the LAN it appears to cache the DNS. I experienced a similar problem between multiple sites that was only corrected after putting the DSL modem into bridge mode and moving PPPoe to the Zywall.