Active tunnel

L4 Transporter

Re: Active tunnel

It's not that the tunnel won't come up, but it goes down every day at the same time and then is back up and working in the morning, no matter what the proxy IDs are set to.

L6 Presenter

Re: Active tunnel

It means re-key negotiation is not working properly. The tunnel is between different vendors, so sometimes re-key could be the issue.

L6 Presenter

Re: Active tunnel

Check the PFS settings, or make sure the key negotiation time is exactly the same on both firewalls.

L4 Transporter

Re: Active tunnel

Where are the PFS settings?

L6 Presenter

Re: Active tunnel

In Phase II, if you select group2 or any group, that is considered PFS.

Make sure it's disabled or enabled on both devices.

L7 Applicator

Re: Active tunnel

Example from GUI:

PFS.PNG

Thanks

L4 Transporter

Re: Active tunnel

Okay, why would I want to disable that?

L6 Presenter

Re: Active tunnel

Hello Infotech,

We said it should be either enabled or disabled on both ends.

Let's say you want to keep it enabled on the PAN; then make sure it's enabled on the peer as well.

Regards,

hardik Shah

L4 Transporter

Re: Active tunnel

I checked and they are set the same.
