Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
surajshinde
Explorer

need to reset tunnel every time when peer end primary ISP down.

Dear Team, 

We have configure site site tunnel between check point, both ends having check point and managed by same management device.

but primary link of peer goes Down, tunnel went down and once we manually reset it start working with secondary link.

Why manual reset required each time.

 

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

How precisely did you configure it?
ISP Redundancy in use?
What version/JHF?

0 Kudos
surajshinde
Explorer

How precisely did you configure it==> We have cross verify both end all the Phase1 & Phase2 configuration, all re same and it is working . But issue is happen only when Peer end Primary ISP link goes down traffic not shifted towards secondary. Whereas we have configure ISP redundancy and DNS 8.8.8.8 set. 
ISP Redundancy in use==> Yes two link Primary and secondary at both end like our end and peer end. and both configured with ISP redundancy.  
What version/JHF==>R81 Take 23

 

0 Kudos
PhoneBoy
Admin
Admin

In the ISP Redundancy config, have you enabled “Apply settings to VPN traffic” ?

surajshinde
Explorer

Yes. "Apply Setting to VPN traffic" is enabled.

0 Kudos
PhoneBoy
Admin
Admin

Probably a good idea to involve the TAC on this.

0 Kudos
the_rock
Advisor

Also, make sure "keep ike sas" is enabled in global properties...I had seen that applicable for both cp to cp tunnels, as well as cp to 3rd party.

0 Kudos
Simply_sachin
Explorer

but on this mangement server mutilple site to site VPNs are working perfectly..For only one specific Site2site only problem..

if i enable keep ike sas,it will not impact other site to site.

 

0 Kudos
the_rock
Advisor

I had never seen it impact other sites...can you try delete and recreate that site?

0 Kudos