DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Vigor 2820 L2L IPSec WatchGuard XTM5
26 Jul 2011 22:27 #68758
by gvjosh
Vigor 2820 L2L IPSec WatchGuard XTM5 was created by gvjosh
I have a WatchGuard XTM5 (11.4.1) and a Vigor 2820 set up with an IPSec L2L connection which works great for general things like IM, small file transfers, etc. However, whenever I try to send a large file across (anything over 50 MB) I get a connection error.
I've noticed that even though I've set the timeout of the gateway to 8 hrs it never makes it that far and seems to reset itself. I don't see any options in the 2820 to tell it to ignore the amount of bandwidth sent before doing a rekey of the tunnel which I believe may be the problem.
How can I tell the 2820 to ignore the amount of data going across and only rekey every 30 days (if possible)?
09 Aug 2011 18:32 #68964
by gvjosh
Replied by gvjosh on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
Update: So I'm reviewing the logs and found the following entry:
IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
It seems that the VPN was disconnected but it doesn't say what triggered it. Any ideas?
10 Aug 2011 10:43 #68976
by nealuk
Replied by nealuk on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
To get a longer uptime, before timeout, have you set:
IKE phase 1 key lifetime 86400
IKE phase 2 key lifetime 86400
on the Vigor, and then also the same on the WatchGuard?
10 Aug 2011 14:19 #68978
by gvjosh
Replied by gvjosh on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
@nealuk:
Thank you for responding. I currently have the setting at 8 hours and your setting would change it to 24 hours. However, I've noticed in the logs that it had disconnected and reconnected a few times in a 10 minute period. Is there a data transfer limit somewhere (I'm not seeing a setting in the Vigor) that also resets the key?
10 Aug 2011 14:29 #68980
by nealuk
Replied by nealuk on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
The WatchGuard may well be the source of the data limit issue. This image gave me a clue:
It is taken from the article at:
http://www.draytek.com/user/SupportAppnotesDetail.php?ID=177 - whilst this isn't for your exact model, does it give you any clues?
Don't overlook the other Bytes limit in the phase 2 area. Does unticking the "Force key expiration after x bytes" help?
Regards,
Neal
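An added example, not part of any post in this thread: a small Python script that checks router syslog for the pattern described above, namely repeated IKE_RELEASE events for one profile inside a 10 minute window and tunnels that drop well before the configured key lifetime (8 hours here), which points to a non-time trigger such as a byte-based key expiry on the peer. The timestamp prefix, the sample lines and the function names are assumptions made for the example; only the IKE_RELEASE message text comes from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. The timestamp prefix is an assumed format; only the
# IKE_RELEASE message text is taken from the thread.
SAMPLE_LOG = """\
2011-08-09 09:00:02 IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
2011-08-09 17:58:40 IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
2011-08-09 18:01:15 IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
2011-08-09 18:06:52 IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
2011-08-09 18:20:00 some unrelated line
""".splitlines()

RELEASE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) IKE_RELEASE VPN : "
                        r"Dial-out Profile Index = (?P<idx>\d+), Name = (?P<name>\S+)")

def parse_releases(lines):
    """Return {profile name: sorted list of release datetimes}."""
    events = defaultdict(list)
    for line in lines:
        m = RELEASE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["name"]].append(ts)
    return {name: sorted(ts) for name, ts in events.items()}

def find_flapping(lines, window=timedelta(minutes=10), min_events=3):
    """Return {profile: (burst start, count)} for the largest burst per profile."""
    bursts = {}
    for name, times in parse_releases(lines).items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= min_events and count > bursts.get(name, (None, 0))[1]:
                bursts[name] = (times[start], count)
    return bursts

def early_releases(lines, lifetime_s=28800):
    """Seconds between consecutive releases that fall short of the key lifetime."""
    out = {}
    for name, times in parse_releases(lines).items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        out[name] = [g for g in gaps if g < lifetime_s]
    return out

if __name__ == "__main__":
    print(find_flapping(SAMPLE_LOG), early_releases(SAMPLE_LOG))
```

The gap between two releases includes reconnect time, so it is an upper bound on how long the tunnel actually stayed up.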
Moderators: Chris, Sami
Copyright © 2024 DrayTek