Virtual Router/ Firewall/ VPN

Frequent Visitor
Posts: 1
Registered: 11-13-2014

VPN tunnels going down

Hello All


I have recently inherited an infrastructure with a few Vyattas active in the production environment. We have been receiving complaints that some of the VPN tunnels are going down every few hours. I provide a copy of our config with the networks changed.


Keepalives are enabled on both sides, and Dead Peer Detection is also enabled with the action set to restart the tunnel in the event that there is no traffic or a loss of connectivity.


ike-group IKE-1W {
    dead-peer-detection {
        action restart
        interval 30
        timeout 30
    }
}

My question is: is it normal, or in any way recommendable, to have the remote (or even local) network sites in a VPN S2S tunnel defined as a single server?


We have a total of 12 tunnels running on this Vyatta, and we see that 3 of these tunnels stay up but the rest seem to go offline. This could be due to a lack of traffic between the two networks.


site-to-site {
    peer 10.10.10.10 {
        authentication {
            mode pre-shared-secret
            pre-shared-secret 
        }
        connection-type initiate
        default-esp-group ESP-1W
        ike-group IKE-1W
        local-address 1.1.1.1
        tunnel 1 {
            allow-nat-networks disable
            allow-public-networks disable
            local {
                prefix 192.168.1.0/24
            }
            remote {
                prefix 172.16.0.5/32
            }
        }
        tunnel 2 {
            allow-nat-networks disable
            allow-public-networks disable
            local {
                prefix 192.168.2.0/23
            }
            remote {
                prefix 172.16.0.5/32
            }
        }
    }
}
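The two things the post asks about, host-only (/32) traffic selectors and the DPD timers, can be checked mechanically across all 12 tunnels rather than by reading the config by eye. The script below is an added example written for this thread; it is not the poster's script and not Vyatta tooling. It parses the brace-nested config format shown above (only the subset of the syntax that appears in the post), links each peer to its `ike-group`, and reports any tunnel whose selector is a single host and any DPD configuration whose `timeout` is not larger than its `interval` (with 30/30, one unanswered probe is enough to trigger the `restart` action). The embedded config is a constructed copy of the poster's fragment with the braces closed and the redacted secret replaced by a placeholder; both checks are heuristics to review by hand, not Vyatta rules.

```python
"""Audit a Vyatta-style VPN config for /32 selectors and tight DPD timers.

Added example for this thread (not the poster's code, not Vyatta tooling).
The parser covers only the brace-nested subset used in the post.
"""
import ipaddress

# Constructed sample: the poster's fragment, braces closed, secret redacted.
SAMPLE_CONFIG = """
vpn {
    ipsec {
        ike-group IKE-1W {
            dead-peer-detection {
                action restart
                interval 30
                timeout 30
            }
        }
        site-to-site {
            peer 10.10.10.10 {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret REDACTED
                }
                connection-type initiate
                ike-group IKE-1W
                local-address 1.1.1.1
                tunnel 1 {
                    local {
                        prefix 192.168.1.0/24
                    }
                    remote {
                        prefix 172.16.0.5/32
                    }
                }
                tunnel 2 {
                    local {
                        prefix 192.168.2.0/23
                    }
                    remote {
                        prefix 172.16.0.5/32
                    }
                }
            }
        }
    }
}
"""


def parse(text):
    """Turn 'name [value] {' / '}' / 'name value' lines into nested dicts.

    A node is keyed by its full header ('tunnel 1'); a leaf by its first
    word, with the rest of the line as the value.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return root


def audit(text):
    """Return human-readable findings for every peer and tunnel in the config."""
    ipsec = parse(text)["vpn"]["ipsec"]
    ike_groups = {k.split(" ", 1)[1]: v
                  for k, v in ipsec.items() if k.startswith("ike-group ")}
    findings = []
    for peer_key, peer in ipsec["site-to-site"].items():
        peer_ip = peer_key.split(" ", 1)[1]
        # Heuristic 1: timeout <= interval means a single lost probe counts as dead.
        dpd = ike_groups.get(peer.get("ike-group"), {}).get("dead-peer-detection", {})
        if "interval" in dpd and "timeout" in dpd:
            interval, timeout = int(dpd["interval"]), int(dpd["timeout"])
            if timeout <= interval:
                findings.append(f"{peer_ip}: DPD timeout {timeout}s <= interval "
                                f"{interval}s, one missed probe triggers '{dpd.get('action')}'")
        # Heuristic 2: a selector covering exactly one address is a host-only tunnel.
        for tkey, tun in peer.items():
            if not tkey.startswith("tunnel "):
                continue
            for side in ("local", "remote"):
                prefix = tun.get(side, {}).get("prefix")
                if prefix and ipaddress.ip_network(prefix, strict=False).num_addresses == 1:
                    findings.append(f"{peer_ip} {tkey}: {side} selector {prefix} is a single host")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Running it on the sample prints one DPD finding for peer 10.10.10.10 and one host-selector finding for each of tunnel 1 and tunnel 2; on the full 12-tunnel config it would show at a glance whether the three tunnels that stay up differ from the others in either respect.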
