isakmpd tunnels get lost


isakmpd tunnels get lost

Tobias Walkowiak
following scenario:

        |
        | LAN A
        |
.-------+-------.
|   Firewall A  |
|      and      |
| VPN-gateway A |
+-------+-------+
        |\
        | \
        |  public IP A
        |
     ======
      inet
     ======
        |
        | public IP B
        |/
  .-----+------.
  | Firewall B |
  +-----+------+
        |
        | NAT public IP B <-> private IP B
        |
        | private IP B
        |/
.-------+-------.
| VPN-Gateway B |
+-------+-------+
        |
        | LAN B
        |

now the situation:
establishing a VPN connection between LAN A and LAN B works fine. i have run
this scenario for nearly four years. since release 3.5 the problem occurs that
the tunnel on gateway B (the natted one behind the separate firewall) falls
down. a 'netstat -rnf encap' then shows

Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)

and no ping comes through although isakmpd is still running! i run a script
every 3 minutes that in such case kills isakmpd and restarts it. the failing
of the tunnels happens with NAT-T activated as well as without. does that
have something to do with any lifetime settings? i don't yet wanna bother you
with my isakmpd.conf but i post it if wished.

is there anyone who experienced the same or has a clue about that?

TIA
--
tobias
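
Added example, not part of the original post or of isakmpd: a check for the empty flow table shown above, parsing `netstat -rnf encap` output so a monitoring job can log the condition. The function names are hypothetical, and the flow lines and addresses in the healthy sample are constructed.

```shell
#!/bin/sh
# Added example: detect an empty IPsec flow table in `netstat -rnf encap` output.

# Reads netstat output on stdin and prints the number of flow lines that
# follow the "Source ... SA(...)" header inside the "Encap:" section.
encap_flow_count() {
    awk '
        /^Encap:/             { in_encap = 1; next }
        in_encap && /^Source/ { header = 1; next }
        # A flow line has six columns; the SA column is "/"-separated.
        in_encap && header && NF >= 6 && $6 ~ /\// { n++ }
        END { print n + 0 }
    '
}

# Returns 0 (true) when no flows are listed, i.e. the state from the post.
tunnel_lost() {
    [ "$(encap_flow_count)" -eq 0 ]
}

# Constructed sample: healthy table (documentation address ranges).
SAMPLE_UP='Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
192.168.2/24       0     192.168.1/24       0     0     203.0.113.1/esp/use/in
192.168.1/24       0     192.168.2/24       0     0     203.0.113.1/esp/use/out'

# Output as shown in the post: header only, no flows.
SAMPLE_DOWN='Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
'

# On the gateway (assumed usage):
#   netstat -rnf encap | tunnel_lost && logger -t ipsec-watch "no encap flows"
for s in "$SAMPLE_UP" "$SAMPLE_DOWN"; do
    if printf '%s\n' "$s" | tunnel_lost; then
        echo "flows missing"
    else
        echo "flows present"
    fi
done
```

Logging the timestamp of each empty-table event makes it possible to compare the interval between drops with the configured lifetimes.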


SOLVED: isakmpd tunnels get lost

Tobias Walkowiak
just for the archives: i did define a lifetime for the encryption-suites
some time ago for a former configuration that once worked. deleting these
lifetimes and thus using the defaults now works. so, no actually wrong
config but rather too much config ;)

thanks for the personal replies!
--
tobias