Hi,

I am still having great fun with my 2930 and about 30 IPSEC VPN connections. The main problem is that the VPNs are all up for a day or two or so and then when we look at the router many, if not all of them are not there any more and the only way to get them back to to reboot the 2930 and the remote ends.

I have tried dial-in, dial-out and 'both' settings for the VPNS, with timeouts variously set to 'always on', '0' or 360 seconds, but the symptoms are all the same.

Most of the remote sites are running Draytek 2800s, with a handful of 2600s and a couple of 2820s - the 2820s seem to be the only units that manage to hang on in there for longer periods of time (occasionally), but I cannot see any logical or setup reason for this.

Could this be to do with key lifetiimes?

I'd appreciate any info about settings - for example, has anyone else had a similar experience? Is PPTP+MPPE more reliable? Any suggestions for VPN setup direction and timeouts?

I have had an email conversation with Draytek but their summary is 'no known problems with the 2930' - they have offered to connect in to the router when the VPNs die IF I email them when it happens, but because the VPNs are carrying appointment and patient records between veterinary clinics, I can't really leave the VPNs off while I wait for Draytek to pick up the email and come back to me (they won't let me call them!).

I do have the option to call their premium rate number, but as I understand it, this is run by a third party so I am weary of calling them if they do not have the in-depth knowledge for this kind of problem. Maybe I am doing them a disservice, but the second part of my question is to ask whether anyone has any experience of the support available on the premium rate number?

Thanks

I had similar problems with 2800 to 2800 at multiple sites. Sometimes one router would think the VPN was still live and the other wouldn't. Only way to force a reconnect was to log onto the router that thought it was live and forcibly disconnect under Connection Management.

We tried just about every configuration possible and it made no odds.. we did have some success with changing the phase 1 and 2 IKE lifetime to the max setting of 86400, they certainly stayed up longer, but that isn't ideal from a security standpoint and the same issue still cropped up fairly regularly.

Touch wood I've not experienced the same problems with the 2820s so I imagine it's a fw issue with the 2800's.

Thanks for the feedback. I have found that I get much more stable VPNs from the 2930 to all remote sites (2600s, 2800s and a couple of 2820s) if I turn on 'Enable PING to keep alive' in the outbound VPN settings and PING the remote routers. So far, I have had only one instance within the last few weeks where most of the VPNs disappeared and others just didn't pass traffic, and all but one VPN came up again as soon as the router was restarted.

The one VPN that didn't come back up was in the middle of a regional BT broadband outage and they had lost their DSL connection. As soon as the BT fault was fixed, their Draytek 2800 went back online and the VPN was automatically re-established by the 2930.

I am wondering whether the 2930 goes into a tailspin when it loses the ability to 'see' one of the remote sites for an extended period - or it's something like a memory leak, but I am really scratching around in the dark on that one.

We using 2950 to 2950 & 2800 site to site IPSEC without any problems. When DSL drops it reconnects swiftly. However we had major issues with 2800 to 2800.