VPN connection dropping

Guest
Archived from groups: comp.security.firewalls (More info?)

Hello,

Is there a way to keep a VPN connection up instead of dropping when there
is no activity?

Let me explain my situation.

For the company where I work I have set up a VPN connection. It is a connection between the head office and a remote office. I have made the connection with two Sonicwalls. At the head office we have an IP subnet, so the Sonicwall has a public IP address. The remote office has only one public IP address (see the drawing below).

When the connection is set up from the remote office everything works well, but when there is no activity the connection is dropped after a while.

Of course the connection cannot be set up from the head office, since the remote Sonicwall has no public IP address.

My problem is that I want to keep the connection up so that it stays accessible from the head office.

Now I am able to do this by letting one of our servers constantly send PING requests to a machine at the remote office. But this feels like a duct tape solution. Is there another way to keep a VPN connection up for "ever"?



HEAD OFFICE:

   ______            ___________       _________
 _(      )_   DSL   |Cisco      |     |Sonicwall|
(_Internet_)--------|2600 Series|_____|PRO 200  |-------------LAN
  (______)          |ADSL_______|     |ADSL_____|              ^
                          ^           ^         ^              |
                          |           |         |              |
                     x.x.x.17/30      |         |              |
                  Public IP address   |         |              |
                                      |         |              |
                                 x.x.x.18/30    |              |
                              Public IP address |              |
                                                |              |
                                            10.10.1.1          |
                                           Lan Gateway   10.10.1.0/24




REMOTE OFFICE:

                 _________        __________            ______
                |Sonicwall|      |Cisco     |  DSL    _(      )_
LAN-------------|SOHO2    |------|800 Series|--------(_Internet_)
 ^              |_________|      |ADSL______|          (______)
 |              ^         ^      ^          ^
10.10.5.0/24    |         |      |          |
                |         |      |          |
            10.10.5.1     |      |          |
           Lan Gateway    |      |          |
                          |      |          |
                     10.10.250.2 |          |
                                 |          |
                            10.10.250.1     |
                            Gateway for     |
                           the Sonicwall    |
                                            |
                                        x.x.x.166
                                    Public IP address

Thanks,

Bart
 

Mike


Bart vd Nieuwenhuizen wrote:
> Hello,
>
> Is there a way to keep a VPN connection up instead of dropping when there
> is no activity?

<smug_mode>
I don't have one of these and have never used one but I thought I'd have
a go.

I downloaded the manual from the Sonicwall web site and read the section
on the VPN functions. I noticed under the VPN advanced configuration
there is an option labelled "Enable Keep Alive". The relevant section
reads:-
Enable Keep Alive
Selecting the Enable Keep Alive check box allows the VPN tunnel to
remain active or maintain its current connection by listening for
traffic on the network segment between the two connections. Interruption
of the signal forces the tunnel to renegotiate the connection.

So there you go. Manuals and documentation are wonderful inventions
aren't they?
</smug_mode>

:)



--

------------------------------------

Real email to mike. The header email is a spam trap and you will be
blacklisted, submitted to anti-spam sites and probably burn in hell.
 
Guest

Hi Mike

Thank you for your reply.

I tried to play a bit with the Keep Alive Interval value in the Global VPN Settings before, but that didn't make any difference. I was unable to find the 'Enable Keep Alive' option. Following the manual it could be found under the "Advanced Settings..." button in the SA of the VPN connection, but it was not there.

After your reply I tried searching harder:
When I changed IPSec Keying Mode from "Manual Key" to "IKE using Preshared Secret", the option "Enable Keep Alive" became available.

I never used IKE before, and new options are available now that I never used before: Phase DH group, Main Mode, Aggressive Mode....

I hope it works out.

Greetings,

Bart
 

jtrammell

Problem
When multiple computers are connected to the SonicWall wireless network, the wireless network goes down every 15 minutes.
Synopsis
The problem has been confirmed resolved by updating the firmware and disabling the Intrusion Detection on the wireless.
Solutions
Update the SonicWall firmware to the most recent version. Disable the Intrusion Detection on the wireless network.



Shawn Zernik
http://www.internetworkconsulting.net