Unable to access remote side router via IPSec

MeoDub · ‎08-08-2019

Hi all,

I made my first attempt at creating an IPSec tunnel between our main building (60c) and our new remote site (60e).

On the remote side, I can access the 60c at our main HQ with no issues, make config chances, etc.

From the HQ, I can access the remote router just long enough to log in, but the second I click anything menu, I lose connection. I can refresh, reenter credentials, but the same thing keeps happening. Any ideas?

Thanks!

Toshi_Esumi · ‎08-08-2019

I'm assuming you are getting into the 60E through the tunnel at the inside interface. The first I would check is if continuous pinging to the same IP loses responses when you lose GUI access. Then likely the tunnel itself or routes through the tunnel is bouncing. I would check VPN and routing logs.

MeoDub · ‎08-14-2019

Thanks for the advice, I'll ping the other side next time it happens and check logs. I won't need to access the GUI this way often, if at all, was just worried it was indicative of a larger issue. So far the tunnel has been fine, so minor issue.

OneOfUs · ‎08-14-2019

For testing, try:

# config vpn ipsec phase1-interface # edit phase-1-name # set npu-offload disable # end

I've come across this issue with 6.0.4 and haven't found a solution. Also testing with iperf showed there was a performance impact with it enabled. Unfortunately, it means the encryption will be handled by the CPU which could also have a performance impact, depending on the amount of traffic going through the firewall.