I have 15 proxy-ids in the VPN tunnel whose peer is a Checkpoint firewall. Just one out of the 15 usually remains really busy and a lot of traffic gets encap/decap on it. Remote users accessing resources within the other 14 proxy-ids have absolutely no issues, but they occasionally lose connectivity to those that are in the busiest proxy-id, and it recovers automatically after 45-60 mins.

My VPN settings are as below:

Phase 2: No PFS, No lifesize, Lifetime: 1hr
Phase 1: Group 5, Lifetime: 24hrs

I started to assume it's because the bytes inside the proxy-id are reaching the max limit and it fails until a Phase 2 rekey (1hr) happens. Can someone let me know if I'm right in my assumption? If so, I can think of 2 solutions:

1. Enforce lifesize settings to say 1000MB so the tunnel rekeys automatically.
2. Bifurcate the local network (/24) in the proxy-id into smaller chunks (two /25s).

Please validate. Thanks in advance.
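To reason about solution 1 (a lifesize-based rekey), you need the byte rate per proxy-ID. The following is an added example, not code from the original post: given two samples of cumulative encap/decap counters per proxy-ID (constructed values here, with made-up proxy-ID names), it estimates each proxy-ID's throughput and whether a candidate lifesize of 1000 MB would trigger a rekey before the post's 1-hour Phase 2 lifetime. It assumes lifesize is counted in decimal megabytes over encap plus decap bytes.

```python
# Added example (not from the original post): estimate, per proxy-ID, whether a
# candidate Phase 2 lifesize would trigger a rekey before the 1-hour lifetime.
# Counter samples below are constructed, not real firewall output.
from dataclasses import dataclass

LIFETIME_SECONDS = 3600   # Phase 2 lifetime from the post: 1 hour
MB = 1_000_000            # assumption: lifesize counted in decimal megabytes


@dataclass
class Sample:
    proxy_id: str
    t: int            # seconds since an arbitrary epoch
    encap_bytes: int  # cumulative bytes encapsulated on this proxy-ID
    decap_bytes: int  # cumulative bytes decapsulated on this proxy-ID


# Constructed counter samples: two readings per proxy-ID, 600 s apart.
SAMPLES = [
    Sample("proxy-1", 0, 0, 0), Sample("proxy-1", 600, 3_000 * MB, 2_400 * MB),
    Sample("proxy-2", 0, 0, 0), Sample("proxy-2", 600, 60 * MB, 30 * MB),
    Sample("proxy-3", 0, 0, 0), Sample("proxy-3", 600, 5 * MB, 7 * MB),
]


def rates_bytes_per_second(samples):
    """Return {proxy_id: bytes/s (encap + decap)} from the earliest and latest sample."""
    by_id = {}
    for s in samples:
        by_id.setdefault(s.proxy_id, []).append(s)
    rates = {}
    for pid, rows in by_id.items():
        rows.sort(key=lambda r: r.t)
        first, last = rows[0], rows[-1]
        dt = last.t - first.t
        if dt <= 0:
            continue  # two distinct sample times are needed to compute a rate
        delta = (last.encap_bytes - first.encap_bytes) + (last.decap_bytes - first.decap_bytes)
        rates[pid] = delta / dt
    return rates


def rekey_plan(samples, lifesize_bytes, lifetime_s=LIFETIME_SECONDS):
    """Per proxy-ID: seconds until lifesize is reached and which limit would fire first."""
    plan = {}
    for pid, rate in rates_bytes_per_second(samples).items():
        secs_to_lifesize = lifesize_bytes / rate if rate > 0 else float("inf")
        first = "lifesize" if secs_to_lifesize < lifetime_s else "lifetime"
        plan[pid] = {"bytes_per_s": rate, "secs_to_lifesize": secs_to_lifesize, "first_limit": first}
    return plan


if __name__ == "__main__":
    for pid, p in rekey_plan(SAMPLES, 1000 * MB).items():
        print(f"{pid}: {p['bytes_per_s'] / MB:.2f} MB/s -> {p['first_limit']} limit fires first "
              f"(lifesize reached in {p['secs_to_lifesize']:.0f} s)")
```

With the constructed numbers, only the busy proxy-ID would rekey on lifesize well inside the hour; the quiet ones still rekey on lifetime, so a single lifesize value affects proxy-IDs very differently.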