Two tunnels to same endpoint after brief outage
Hi.
I have observed a strange issue on a site2site VPN setup I have.
SG-6100 -> SG-2100 both running 22.05
One Phase1 tunnel and one Phase2 policy. It has been running for months without issues unless there is a brief Internet outage.
After the outage there will be two tunnels between the boxes, and they will both renew every 10-15 sec or so. This fills the IPsec log MASSIVELY, but traffic still flows "unnoticeably" over the tunnel.

One end is set up using pure default initiation and closure settings (and timers).
The other end is set up to start the tunnel at startup, and to close and reconnect if the tunnel goes down.
Also, this site has shorter timers, so it will always be this end that times out existing tunnels and reestablishes them.

Like explained, a short outage can cause two tunnels to continuously reestablish themselves, both initiated from the end set up to connect the tunnels.
This will continue until I manually disconnect one of the tunnels. This stops the renewal every 10-15 sec for the remaining tunnel, and it will stay up, be used, and renewed as expected until a new event causes the same cycle to start again.

What can be done to prevent this?
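The symptom described in the post (two IKE SAs for the same connection staying alive at once, each replaced every 10-15 seconds) is easy to miss while traffic still flows, so a small log check helps spot it before the log fills up. The script below is an added example, not part of the original post and not pfSense or strongSwan code. It assumes the IPsec log carries the charon messages `IKE_SA <conn>[<id>] established` and `deleting IKE_SA <conn>[<id>]` with a syslog-style timestamp; the sample log lines, connection names and addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Patterns for the two charon (strongSwan) IKE_SA lifecycle messages this
# check relies on. Assumption: the IPsec log contains messages of this shape;
# adjust the patterns if your log format differs.
TIMESTAMP = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) ")
ESTABLISHED = re.compile(r"IKE_SA (?P<conn>\S+)\[(?P<id>\d+)\] established")
DELETING = re.compile(r"deleting IKE_SA (?P<conn>\S+)\[(?P<id>\d+)\]")

# Constructed sample log (not taken from the original post).
# con1000 shows the failure mode: two IKE_SAs stay alive and each one is
# replaced every ~12-13 s. con2000 is a healthy tunnel that rekeys hourly.
SAMPLE_LOG = """\
Jun 10 12:00:01 charon[1234]: 05[IKE] <con1000|12> IKE_SA con1000[12] established between 203.0.113.1[203.0.113.1]...198.51.100.1[198.51.100.1]
Jun 10 12:00:05 charon[1234]: 05[IKE] <con2000|20> IKE_SA con2000[20] established between 203.0.113.1[203.0.113.1]...192.0.2.1[192.0.2.1]
Jun 10 12:00:14 charon[1234]: 06[IKE] <con1000|13> IKE_SA con1000[13] established between 203.0.113.1[203.0.113.1]...198.51.100.1[198.51.100.1]
Jun 10 12:00:26 charon[1234]: 07[IKE] <con1000|14> IKE_SA con1000[14] established between 203.0.113.1[203.0.113.1]...198.51.100.1[198.51.100.1]
Jun 10 12:00:26 charon[1234]: 07[IKE] <con1000|12> deleting IKE_SA con1000[12] between 203.0.113.1[203.0.113.1]...198.51.100.1[198.51.100.1]
Jun 10 12:00:39 charon[1234]: 08[IKE] <con1000|15> IKE_SA con1000[15] established between 203.0.113.1[203.0.113.1]...198.51.100.1[198.51.100.1]
Jun 10 12:00:39 charon[1234]: 08[IKE] <con1000|13> deleting IKE_SA con1000[13] between 203.0.113.1[203.0.113.1]...198.51.100.1[198.51.100.1]
Jun 10 13:00:05 charon[1234]: 09[IKE] <con2000|21> IKE_SA con2000[21] established between 203.0.113.1[203.0.113.1]...192.0.2.1[192.0.2.1]
Jun 10 13:00:05 charon[1234]: 09[IKE] <con2000|20> deleting IKE_SA con2000[20] between 203.0.113.1[203.0.113.1]...192.0.2.1[192.0.2.1]
"""


def _ts(line):
    """Parse the leading syslog timestamp (year-less, fine for deltas)."""
    m = TIMESTAMP.match(line)
    return datetime.strptime(m["ts"], "%b %d %H:%M:%S") if m else None


def find_duplicate_ike_sas(lines):
    """Replay the log and flag moments when a connection has more IKE_SAs
    alive than a normal rekey explains. A normal rekey briefly has two SAs
    (new one established, old one deleted right after); we flag when a third
    appears, or when a deletion still leaves two or more alive.
    Returns (live SA ids per connection, list of (line_no, conn, ids))."""
    live = defaultdict(set)
    flagged = []
    for n, line in enumerate(lines, 1):
        if m := ESTABLISHED.search(line):
            ids = live[m["conn"]]
            ids.add(int(m["id"]))
            if len(ids) > 2:
                flagged.append((n, m["conn"], sorted(ids)))
        elif m := DELETING.search(line):
            ids = live[m["conn"]]
            ids.discard(int(m["id"]))
            if len(ids) > 1:
                flagged.append((n, m["conn"], sorted(ids)))
    return {c: sorted(s) for c, s in live.items()}, flagged


def min_rekey_interval(lines):
    """Shortest gap in seconds between consecutive IKE_SA establishments per
    connection. Tens of seconds on a tunnel configured with hour-scale
    lifetimes is the 'renews every 10-15 sec' symptom."""
    last, shortest = {}, {}
    for line in lines:
        m = ESTABLISHED.search(line)
        t = _ts(line) if m else None
        if t is None:
            continue
        conn = m["conn"]
        if conn in last:
            delta = (t - last[conn]).total_seconds()
            shortest[conn] = min(shortest.get(conn, delta), delta)
        last[conn] = t
    return shortest


def report(log_text, max_expected_rekey_s=60):
    """Summarise a log: live SAs, duplicate-SA events, and connections that
    re-establish faster than max_expected_rekey_s (an assumed threshold)."""
    lines = log_text.splitlines()
    live, flagged = find_duplicate_ike_sas(lines)
    fast = {c: s for c, s in min_rekey_interval(lines).items()
            if s < max_expected_rekey_s}
    return {"live": live, "flagged": flagged, "fast_rekey": fast}


if __name__ == "__main__":
    r = report(SAMPLE_LOG)
    print("live IKE_SAs:", r["live"])
    print("fast rekey (s):", r["fast_rekey"])
    for n, conn, ids in r["flagged"]:
        print(f"line {n}: {conn} has {len(ids)} IKE_SAs alive: {ids}")
```

Run it against a saved copy of the IPsec log (for example `report(open("/var/log/ipsec.log").read())`) once a tunnel looks suspicious; a connection that appears in `fast_rekey` and keeps two ids in `live` matches the duplicate-tunnel state described above, which is the point at which one SA would need to be taken down.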