Site to Site VPN between two sites drops connectivity
I have an SRX210b at one site and SRX240 at another site. Site to Site VPN is set up and works as it should, except for one thing. Sometimes, connectivity is lost, and it doesn't reconnect until I manually restart the ipsec service on both gateways.
Why does this happen and is there a way for the connection to restore without manual intervention? This should really be the least of my worries, but I'm worried that when I get this new site populated with people, I'll be getting calls at all hours of the day or night for this issue.
Re: Site to Site VPN between two sites drops connectivity
Also note that... If your DPD timer is less than your IPSEC, which usually it is... When Phase 1 times out, DPD won't clear a Phase 2 SA on failure... It will if your P1 still exists.
Use DPD in conjunction with VPN-Monitor for best results.
Oh and should also note, if you have ping disabled on your untrust interfaces, after P1 times out, it will rekey automagically because it will switch to PING for DPD and fail. If you have your P1 timer set to 3600 it will rekey every hour, which might not be a bad deal if you aren't running a concentrator with lots of devices.
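
The DPD plus VPN-Monitor combination suggested in the reply above, sketched as Junos set commands. This is an added example, not configuration posted in the thread. The gateway name GW-SITEB, VPN name VPN-SITEB, the st0.0 tunnel interface, the monitored address 10.2.0.1 and all timer values are assumptions to be replaced with your own.

```junos
# --- Phase 1: dead peer detection on the IKE gateway (names are placeholders) ---
# Send DPD probes on a fixed interval, even when the tunnel carries traffic
set security ike gateway GW-SITEB dead-peer-detection always-send
# Seconds between DPD probes
set security ike gateway GW-SITEB dead-peer-detection interval 10
# Consecutive unanswered probes before the peer is declared dead
set security ike gateway GW-SITEB dead-peer-detection threshold 3

# --- Phase 2: VPN monitor, so a stale IPsec SA is cleared even after P1 has expired ---
# Global probe timing for all monitored VPNs
set security ipsec vpn-monitor-options interval 10
set security ipsec vpn-monitor-options threshold 5
# Only probe when there is outbound traffic and no inbound traffic through the tunnel
set security ipsec vpn VPN-SITEB vpn-monitor optimized
# Source the ICMP probes from the tunnel interface (assumed route-based VPN on st0.0)
set security ipsec vpn VPN-SITEB vpn-monitor source-interface st0.0
# An address behind the remote gateway that answers ping (constructed value)
set security ipsec vpn VPN-SITEB vpn-monitor destination-ip 10.2.0.1

# --- Verification from operational mode after commit ---
# show security ike security-associations
# show security ipsec security-associations
```

Apply the equivalent on both gateways, and make sure the monitored destination is permitted to answer ICMP through the tunnel, otherwise the monitor will tear down a healthy SA.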