This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Wang
Collaborator
‎2020-03-01 08:31 AM

After the VPN client dials in for a period of time, the interruption occurs automatically

Hi,Engineers, I'd like to ask you a question

After the VPN client dials in for a period of time, the connection is often interrupted about two hours later.What caused the connection to fail

0 Kudos
Reply
6 Replies
PhoneBoy
Admin
Admin
‎2020-03-01 08:57 AM

Please describe in detail what you mean by "interruption."
I'm guessing this is when the client is asking for reauthentication from the end user, which it periodically does.
Reply
Wang
Collaborator
‎2020-03-01 08:59 PM
In response to PhoneBoy

After using the VPN client to dial in for two hours, the client cannot dial in the VPN, so it can only dial in the VPN client by manually re-entering the password
0 Kudos
Reply
_Val_
Admin
Admin
‎2020-03-01 10:15 AM

If your VPN goes down every two (or several, depending on IKE time-outs) hours, check that you can still reach CRL distribution point when VPN is up.

The classic case is:

1. VPN is down. IKE is established with certificates based auth. CLR is available, tunnel goes up.

2. Once keys are expired, GWs try to re-negotiate. Auth fails because CRL is no longer available. Tunnel goes down.

3. GWs retry IKE, once tunnel is down, CRL becomes reachable again, tunnel goes up.

Reply
Wang
Collaborator
‎2020-03-01 09:00 PM
In response to _Val_

Sorry, I don't quite understand
0 Kudos
Reply
LucasCosta
Participant
‎2020-03-02 06:59 AM

 

What is the timeout configured in the global properties ?

timeout.PNG

0 Kudos
Reply
Wang
Collaborator
‎2020-03-04 07:24 AM
In response to LucasCosta

微信图片_20200304232201.pngIt is the same as the screenshot you sent

Are there any other screening methods?

0 Kudos
Reply