1 out 2 IPSEC connections drops after random time.
-
Hello
I have two IPSEC site-to-site connections. 1 of them keeps dropping/stops routing traffic after a random time even though it shows connected. I have to STOP and START the whole IPSEC service before it starts working again; restarting does nothing. The IPSECs run to Azure.
The second entry on the attached is the problem. Has anyone had an issue with this before?
-
@jacoventer Is the child SA dropping while there is traffic going back and forth?
-
@mamawe When the child drops, traffic drops, IPSEC connection status is connected.
*Note: I did scrounge through some settings and compared the two IPSEC configs. The one that keeps dropping the child had a 0 value in the rekey field, not in the default sense where the grey defaults appear and it has a value of 25920; it was zero, whereas my working IPsec had the default grey rekey value. I added the value from the working IPsec to the faulty IPsec and it started up without me having to stop/start the service. That may have done the trick. I'm going to observe it for a while and respond here if it was the problem.
-
Do the syslogs tell something about the dropping of the child SA?
Was there any traffic before the child SA was dropped?
It isn't unusual to drop a child SA if there is no traffic using it.
-
If you only get disconnected in phase2, please use IKEv1 instead of IKEv2. This will enable reauthentication, and the phase2 will renew every time the lifetime reaches 90%.
-
@walid-0 said in 1 out 2 IPSEC connections drops after random time.:
If you only get disconnected in phase2, please use IKEv1 instead of IKEv2. This will enable reauthentication, and the phase2 will renew every time the lifetime reaches 90%.
Even if this worked, I don't know that I would suggest using IKEv1 to resolve it. IKEv2 provides many benefits over IKEv1, but a failed child SA is just a misconfiguration and should be fixable.