Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

VPN traffic stops working

Hi Everyone,

I am running a gateway with R80.20 take 118 and MDS with R80.30 take 140. Since last week I started receiving complaints for VPN users that their traffic is not working. We have route based VPN and mobile access blade as well. 

Last week issue was for route based VPN. While checking the logs I could see traffic was getting accepted in the VPN rule but it was not getting encrypted. Previous logs show that it was working fine until that day. At the time of the issue, the traffic was being accepted in the same rule as a normal connection but was not getting identified as VPN traffic. The tunnels were up and running. I could see SAs established in both Phase 1 and Phase 2. Routing was also the same. With no options left, I thought of installing the policy once before thinking about resetting the tunnel. When I installed the policy it started getting encrypted and issue was resolved. Any idea what the issue could have been ? 

 

Also adding to the below incident, yesterday I had a similar issue for the same gateway. Except this time it was not the route based VPN but it was the mobile access blade. I could see that users were able to connect through VPN and office mode IP was getting assigned to them. But their traffic once they are connected to VPN was failing. The incoming traffic was getting decrypted, but it was dropped because the MAB policy recognised it as unauthorized. Curious again, I installed the policy to see whether it was just like the route based VPN issue and as expected it started working again once the policy was installed. I suspect something is going on with my gateway. This gateway is a HP proliant gen 8 open server. Please help me on identifying what the problem could be.

 

Thanks

Deepu

0 Kudos
4 Replies
Highlighted
Admin
Admin

Please open a TAC case

0 Kudos
Highlighted

TAC case has been opened. Waiting for a session.

0 Kudos
Highlighted
Iron

Are you getting any drops at the problematic time by running the command "fw ctl zdebug drop" command?

Regards,
CSR
0 Kudos
Highlighted

I haven't run the debug during the time of the issue. But I saw drop logs in Smart logs for Mobile access blade traffic. For the route based VPN the traffic was not dropped, but it was rather treated as a standard traffic instead of a VPN traffic. Currently I can't do any debugs other than wait for the issue to pop up again to see what happening during that particular time.

0 Kudos