Heath_Mote
Copper

VPN Tunnel Phase 1 Re-key Causing Application Disconnects

We have what I would call a sensitive application that is somehow losing its connection when Phase 1 re-keys on the VPN tunnel the traffic is being tunneled through. I think it's likely a combination of gateway/tunnel settings that could be modified but also just a sensitive application. The application disconnects were a mystery at first until we closely correlated these to the Phase 1 re-keys on the VPN tunnel through which the traffic is passing.

Any information on what we might be able to monitor or modify in these VPN tunnels or gateway settings would be much appreciated. The tunnel setup is on R80.10 management and HA gateway using ClusterXL. We have clustered gateways on each end of the VPN tunnel and have VPN tunnels to multiple sites. We have staggered the re-keys to no avail, thinking it was somehow tied to the multiple satellite gateways and the central gateway was not able to handle the multiple re-keys. This staggering re-key change did not improve the application disconnects.

 

0 Kudos
2 Replies
Jerry
Platinum

Re: VPN Tunnel Phase 1 Re-key Causing Application Disconnects

Extending the phase-1 re-key TTL would definitely help, so you can try to make sure that re-keying happens "overnight" or simply outside business hours. This way you can prevent re-keying from happening during the peak time of application usefulness. Hope it helps, but if not, I believe that "tweaking" the IPSec CryptoSuite would definitely be required at this point.
Jerry
0 Kudos
Heath_Mote
Copper

Re: VPN Tunnel Phase 1 Re-key Causing Application Disconnects

Yes, we have tried this but the admins are saying there shouldn't be any downtime. I tend to agree because of the redundancy and we have never seen this before where a re-key caused a disconnect or interruption in application connectivity.

0 Kudos