04-09-2009 11:47 AM
3CRWDR300A-73 IPSec VPN tunnels not staying open
We are having an issue with site-to-site VPN Tunnels between two 3CRWDR300A-73 routers.
Although the two routers connect to each other fine, after about half an hour the tunnel closes, and can only be opened by logging into the router and pressing the connect button, or by resetting the router, which fixes the problem for another half an hour.
How can we keep the tunnel permanently open, including re-opening it if there's an interruption? Is there a setting like the "always connected" option under the internet connection to make the VPN Tunnel a persistent connection?
Both broadband links are on single static IP Addresses.
Here are the IPSec settings being used on the routers:
Tunnel Type: IPSec
Tunnel name: ******
Remote VPN gateway: IP Address
IP Address\Host name: ******
Remote Secure Group
Remote Party ID: ID_IPV4_ADDR
Remote Network Address: 10.0.10.0
Remote Subnet Mask: 255.255.255.0
Local Secure Group
Local Party ID: ID_IPV4_ADDR
Network Address: 10.0.0.0
Subnet Mask: 255.255.255.0
Phase I IKE parameters
Key Management: IKE Main Mode
SA attribute: Oakley-Pre-3DES SHA-1024
Pre-shared Key: ******
Phase II IPSec Parameters
Authentication Algorithm: MD5
Encrypt Algorithm: 3DES
Key lifetime (>=300sec.): 3600
PFS: Disabled
Diffie-Hellman Group: Group 2
IKE Keep Alive: Enabled
Here is a section of the log file (IP Addresses starred out):
2009.04.09 17:23:37 ******** login success
2009.04.09 17:05:32 ******** login success
2009.04.09 14:20:54 ******** login success
2009.04.09 14:20:49 ******** login fail
2009.04.09 12:27:57 IPSec SA established.
2009.04.09 12:27:57 Initiator, Quick Mode OK
2009.04.09 12:27:57 IPSec connected : Policy name = Provectus
2009.04.09 12:27:57 Initiator, I2
2009.04.09 12:27:57 ***Send packet!
2009.04.09 12:27:57 Start Quick mode, we are initiator.
2009.04.09 12:27:57 ISAKMP SA established.
2009.04.09 12:27:57 main_inR3
2009.04.09 12:27:57 Initiator I3
2009.04.09 12:27:56 Initiator I2
2009.04.09 12:27:56 ***Send packet!
2009.04.09 12:27:56 Start IKE, we are initiator.
2009.04.09 12:27:29 ******** login success
2009.04.09 12:23:55 If(if#3) PPP connection ok !
2009.04.09 12:23:54 PVC1 get IP: ********
2009.04.09 12:23:50 PVC1 (if#3) start PPP
2009.04.09 12:23:49 ADSL Media Up !
2009.04.09 12:23:34 WLAN TEST.....................PASS
2009.04.09 12:23:34 WAN TEST.................PASS
2009.04.09 12:23:34 DRAM TEST.....................PASS
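As an added example (not part of the original post), this Python script reads a log in the router's format and lists each tunnel establishment with the time since the previous one and whether it followed an admin login, which is how the post describes reopening the tunnel. The sample entries after 12:27:57 are constructed, and the 60-second login window and 90% lifetime margin are assumptions of the example.

```python
from datetime import datetime

# Newest entry first, as in the post. Entries after 12:27:57 are constructed for illustration.
SAMPLE_LOG = """\
2009.04.09 13:31:10 IPSec SA established.
2009.04.09 13:31:09 Start IKE, we are initiator.
2009.04.09 13:30:50 ******** login success
2009.04.09 12:58:41 IPSec SA established.
2009.04.09 12:58:40 Start IKE, we are initiator.
2009.04.09 12:58:12 ******** login success
2009.04.09 12:27:57 IPSec SA established.
2009.04.09 12:27:56 Start IKE, we are initiator.
2009.04.09 12:27:29 ******** login success
2009.04.09 12:23:55 If(if#3) PPP connection ok !
"""

def parse_log(log):
    """Return (timestamp, message) pairs in chronological order; unparsable lines are skipped."""
    events = []
    for line in reversed(log.splitlines()):  # reverse first so same-second lines keep their order
        parts = line.split(" ", 2)
        try:
            ts = datetime.strptime(" ".join(parts[:2]), "%Y.%m.%d %H:%M:%S")
        except ValueError:
            continue
        events.append((ts, parts[2].strip() if len(parts) > 2 else ""))
    return sorted(events, key=lambda e: e[0])

def tunnel_report(log, key_lifetime=3600, margin=0.9, login_window=60):
    """One entry per 'IPSec SA established.' with gap, manual-reconnect and early flags."""
    last_login, prev_up, manual, report = None, None, False, []
    for ts, msg in parse_log(log):
        if msg.endswith("login success"):
            last_login = ts
        elif msg.startswith("Start IKE"):
            # Assumption: IKE started within login_window seconds of a login was triggered by hand.
            manual = last_login is not None and (ts - last_login).total_seconds() <= login_window
        elif msg == "IPSec SA established.":
            gap = None if prev_up is None else int((ts - prev_up).total_seconds())
            early = gap is not None and gap < key_lifetime * margin
            report.append({"up": ts, "gap_s": gap, "manual": manual, "early": early})
            prev_up, manual = ts, False
    return report
```

Entries with both `manual` and `early` set indicate the tunnel was brought back by hand well before the configured key lifetime would have required a rekey.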
04-23-2009 08:57 AM
Re: 3CRWDR300A-73 IPSec VPN tunnels not staying open
Fixed, in the following way:
- A static route was added to each router, to make sure they can route traffic correctly:
Local Route address: 10.0.10.0
Local Route Subnet mask: 255.255.255.0
Local Route gateway: 10.0.0.0
Remote Route address: 10.0.0.0
Remote Route Subnet mask: 255.255.255.0
Remote Route gateway: 10.0.10.0
- Both routers were set to use a different NTP Time server - one in the default 3com settings is inactive, meaning the router time is out of synch
- The following settings were used in the router's VPN Section:
VPN Tunnel Type: IPSec
VPN Tunnel name: *****
VPN Remote gateway: IP Address
VPN Remote Address: *****
VPN remote Party ID: ID_IPV4_ADDR
VPN Remote Network Address: 10.0.10.0
VPN Remote Subnet Mask: 255.255.255.0
VPN Local Party ID: ID_IPV4_ADDR
VPN Local Network Address: 10.0.0.0
VPN Local Subnet Mask: 255.255.255.0
VPN Key management: IKE Main Mode
VPN SA attribute: Oakley-Pre-3DES-SHA-1024
VPN Pre-shared Key: *****
VPN Authentication Algorithm: MD5
VPN Encrypt Algorithm: 3DES
VPN key Lifetime: 43200 seconds
VPN PFS: Enabled
VPN Diffie-Hellman Group: Group 2
VPN IKE Keep Alive: Enabled
The tunnel now stays up, and computers can now find each other through the VPN via IP Address. The only issue we've found so far is that from one network, you can't ping or connect to the other router - we enabled remote administration, to bypass this issue. Anyone know of a work-around for that issue?
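An added example, not from the original thread: a consistency check over both routers' VPN settings in the layout used above, confirming that the local and remote networks mirror each other and that the negotiated values agree, and flagging MD5, 3DES and DH Groups 1 and 2 as legacy choices. `SITE_B` is constructed (it keeps the first post's key lifetime and PFS values), and the `SHOULD_MATCH` and `LEGACY` lists are this example's assumptions.

```python
import ipaddress

# SITE_A takes its values from the reply above. SITE_B is constructed: Local/Remote
# are swapped and Phase II keeps the first post's values (3600 s, PFS disabled).
SITE_A = """\
VPN Local Network Address: 10.0.0.0
VPN Local Subnet Mask: 255.255.255.0
VPN Remote Network Address: 10.0.10.0
VPN Remote Subnet Mask: 255.255.255.0
VPN Authentication Algorithm: MD5
VPN Encrypt Algorithm: 3DES
VPN key Lifetime: 43200 seconds
VPN PFS: Enabled
VPN Diffie-Hellman Group: Group 2
"""
SITE_B = (SITE_A.replace("Local", "#").replace("Remote", "Local").replace("#", "Remote")
          .replace("43200", "3600").replace("PFS: Enabled", "PFS: Disabled"))

def parse(text):
    """Map each 'VPN <name>: <value>' line to {name: value}, names lower-cased."""
    cfg = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            cfg[name.lower().replace("vpn", "", 1).strip()] = value.strip()
    return cfg

def net(cfg, side):
    return ipaddress.ip_network(f"{cfg[side + ' network address']}/{cfg[side + ' subnet mask']}")

# Assumption of this example; how a lifetime mismatch is handled varies by implementation.
SHOULD_MATCH = ("authentication algorithm", "encrypt algorithm", "key lifetime", "pfs", "diffie-hellman group")
LEGACY = {"authentication algorithm": {"MD5"}, "encrypt algorithm": {"DES", "3DES"},
          "diffie-hellman group": {"Group 1", "Group 2"}}

def audit(a_text, b_text):
    """Return a list of findings for a pair of site-to-site peer configurations."""
    a, b = parse(a_text), parse(b_text)
    findings = []
    if net(a, "local") != net(b, "remote") or net(a, "remote") != net(b, "local"):
        findings.append("networks not mirrored between peers")
    for key in SHOULD_MATCH:
        if a.get(key) != b.get(key):
            findings.append(f"mismatch: {key} ({a.get(key)} vs {b.get(key)})")
    for key, weak in LEGACY.items():
        if {a.get(key), b.get(key)} & weak:
            findings.append(f"legacy: {key}")
    return findings
```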