DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor 2820 L2L IPSec WatchGuard XTM5

26 Jul 2011 22:27 #1 by gvjosh
Vigor 2820 L2L IPSec WatchGuard XTM5 was created by gvjosh
I have a WatchGuard XTM5 (11.4.1) and a Vigor 2820 set up with an IPSec L2L connection which works great for general things like IM, small file transfers, etc. However, whenever I try to send a large file across (anything over 50 MB) I get a connection error.

I've noticed that even though I've set the timeout of the gateway to 8 hrs, it never makes it that far and seems to reset itself. I don't see any options in the 2820 to tell it to ignore the amount of bandwidth sent before doing a rekey of the tunnel, which I believe may be the problem.

How can I tell the 2820 to ignore the amount of data going across and only rekey every 30 days (if possible)?

09 Aug 2011 18:06 #2 by gvjosh
Replied by gvjosh on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
Does nobody have a solution?

09 Aug 2011 18:32 #3 by gvjosh
Replied by gvjosh on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
Update: So I'm reviewing the logs and found the following entry:

IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA

It seems that the VPN was disconnected, but it doesn't say what triggered it. Any ideas?

10 Aug 2011 10:43 #4 by nealuk
Replied by nealuk on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
To get a longer uptime, before timeout, have you set:

IKE phase 1 key lifetime 86400
IKE phase 2 key lifetime 86400

On the Vigor, and then also the same on the WatchGuard?

10 Aug 2011 14:19 #5 by gvjosh
Replied by gvjosh on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
@nealuk:

Thank you for responding. I currently have the setting at 8 hours and your setting would change it to 24 hours. However, I've noticed in the logs that it had disconnected and reconnected a few times in a 10-minute period. Is there a data transfer limit somewhere (I'm not seeing a setting in the Vigor) that also resets the key?

10 Aug 2011 14:29 #6 by nealuk
Replied by nealuk on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
The WatchGuard may well be the source of the data limit issue. This image gave me a clue:



It is taken from the article at:

http://www.draytek.com/user/SupportAppnotesDetail.php?ID=177 - whilst this isn't for your exact model, does it give you any clues?

Don't overlook the other Bytes limit in the phase 2 area. Does unticking the "Force key expiration after x bytes" help?

Regards,

Neal
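
Added example, not from the thread and not DrayTek or WatchGuard code: a Python check for the symptom described in posts #1 and #5, where the tunnel is released well before the configured 8-hour lifetime and several times within 10 minutes, which suggests a trigger other than the time-based lifetime. The log lines are constructed and the timestamp prefix is an assumed format; only the IKE_RELEASE message text comes from post #3.

```python
import re
from datetime import datetime

# Constructed sample. The timestamp prefix is an assumed layout; only the
# IKE_RELEASE message text matches the entry quoted in post #3.
SAMPLE_LOG = """\
2011-08-09 09:00:05 IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
2011-08-09 17:00:07 IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
2011-08-09 17:52:10 IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
2011-08-09 17:55:41 IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
2011-08-09 17:59:02 IKE_RELEASE VPN : Dial-out Profile Index = 2, Name = toUSA
2011-08-09 18:00:00 unrelated line that the parser must skip
"""

RELEASE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) IKE_RELEASE VPN : "
    r"Dial-out Profile Index = \d+, Name = (\S+)\s*$"
)

def parse_releases(text):
    """Return {profile name: sorted release times} from IKE_RELEASE lines."""
    events = {}
    for line in text.splitlines():
        m = RELEASE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.setdefault(m.group(2), []).append(ts)
    return {name: sorted(times) for name, times in events.items()}

def early_releases(times, lifetime_s, tolerance=0.9):
    """Gaps in seconds between releases that are shorter than the lifetime."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return [g for g in gaps if g < tolerance * lifetime_s]

def is_flapping(times, window_s=600, threshold=3):
    """True when `threshold` releases fall inside one window_s-second span."""
    last = len(times) - threshold + 1
    return any((times[i + threshold - 1] - times[i]).total_seconds() <= window_s
               for i in range(max(last, 0)))

if __name__ == "__main__":
    for name, times in parse_releases(SAMPLE_LOG).items():
        early = early_releases(times, lifetime_s=8 * 3600)  # 8 h, as in post #1
        print(f"{name}: {len(times)} releases, early gaps (s): {early}, "
              f"flapping: {is_flapping(times)}")
```

Correlating the early gaps with transfer volume on the link at those times is what would separate a byte-count expiry from other causes of release.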
