Need to clear traffic or reset the tunnel to access

Reply
L2 Linker

Need to clear traffic or reset the tunnel to access

We had site to site vpn tunnels and traffic is always stuck and until unless we reset or clear the traffic the access is not working.

 

Any one have experience . The VPN tunnel never go down only the traffic PA to Sonic wall any recommendation on how to troubleshoot this issue ?

L7 Applicator

Re: Need to clear traffic or reset the tunnel to access

@NavidAlam,

I'm going to assume that you don't actually have tunnel monitoring setup, so the firewall won't display the tunnel as being down until the re-key is missed. I'd setup tunnel monitoring and see if the aggressive key re-negotiation helps your situation at all.

L2 Linker

Re: Need to clear traffic or reset the tunnel to access

Tunnel monitoring is setup . As i mention the tunnel never go down only the access to the tunnel stop. The only way we can access we had to clear the tunnel both Ike & IPsec to make accessable ?

L7 Applicator

Re: Need to clear traffic or reset the tunnel to access

Hello,

I have many site to site VPNs with the PAN's and never have this issue. However you are using a 3rd party firewall, I would say contact SonicWall support and see if they have any known issues with this.

 

Regards,

Highlighted
L7 Applicator

Re: Need to clear traffic or reset the tunnel to access

@NavidAlam,

If tunnel monitoring is enabled you would be getting a critical vpn event within your system logs stating the tunnel is down when the target becomes unreachable; either I'm missing something or at least some traffic is making it through the tunnel. Tunnel monitoring would attempt to resolve the issue by accelerating the re-key in an attempt to get things to refresh and become operational again, because you are using a third party firewall you wouldn't get the advantage of DPD.

 

It really sounds like your missing something when it comes to re-key events, so I would look at your lifetime settings.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!