Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

VPN issues after migration 77.30 to 80.30

Hi,

 

ive done a simple migrate export of a 77.30 management server, and imported on a clean 80.30 VM.

. No hostname or IP changes. 

after initial migration, we had no issues. Over the weekend, VPN tunnels have now gone down.

 

No policies have been pushed since migration. SIC was never reset as I believe you don’t need to.

 

any pointers?

 

gateways still on 77.30

0 Kudos
6 Replies
Highlighted
Champion
Champion

You really need to do a policy push as all gateways need to know about the new management, even though you think nothing changed this is just one of those things, after a migration I always push all gateways at least 2 times.
There have been to many issues in the past that relate to first policy push after migration and not pushing at all..
Regards, Maarten
0 Kudos
Highlighted
Participant

I guess. The customer was reluctant to do a policy push until his gateways were 80.30. Usually, I have always pushed a policy so I am not familar with not pushing a policy.

Cant quite figure out why all VPN's were up, and then went down over the weekend..
0 Kudos
Highlighted
Champion
Champion

Is this a CP to CP VPN based on certificates? If so, the gateways will always check the Certificate validity with management, if no policy push was done Management and gateway run out of sync and the verification will fail.
Regards, Maarten
0 Kudos
Highlighted
Participant

It is CP to CP. I think you might have hit the nail on the head.
Do you know how often it checks for the certificate validity?
0 Kudos
Highlighted
Champion
Champion

At least every 24 hours.
Regards, Maarten
Highlighted
Participant

Thanks for this. In the end, turns out the customer VPN certs expired!!!!!!! However - I still believe a policy push was needed regardless.

Thanks for your quick response!
0 Kudos