Unable to access remote side router via IPSec

Author
MeoDub
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/07/25 09:10:57
  • Status: offline
2019/08/08 13:33:30 (permalink)
0

Unable to access remote side router via IPSec

Hi all,
 
I made my first attempt at creating an IPSec tunnel between our main building (60c) and our new remote site (60e).
 
On the remote side, I can access the 60c at our main HQ with no issues, make config chances, etc.  
 
From the HQ, I can access the remote router just long enough to log in, but the second I click anything menu, I lose connection.  I can refresh, reenter credentials, but the same thing keeps happening.  Any ideas?
 
Thanks!
 

#1

3 Replies Related Threads

    Toshi Esumi
    Expert Member
    • Total Posts : 1622
    • Scores: 137
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Unable to access remote side router via IPSec 2019/08/08 21:49:00 (permalink)
    0
    I'm assuming you are getting into the 60E through the tunnel at the inside interface. The first I would check is if continuous pinging to the same IP loses responses when you lose GUI access. Then likely the tunnel itself or routes through the tunnel is bouncing. I would check VPN and routing logs.
    #2
    MeoDub
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/07/25 09:10:57
    • Status: offline
    Re: Unable to access remote side router via IPSec 2019/08/14 08:10:47 (permalink)
    0
    Thanks for the advice, I'll ping the other side next time it happens and check logs.  I won't need to access the GUI this way often, if at all, was just worried it was indicative of a larger issue.  So far the tunnel has been fine, so minor issue.
    #3
    OneOfUs
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/07/16 06:32:59
    • Status: offline
    Re: Unable to access remote side router via IPSec 2019/08/14 17:17:01 (permalink)
    0
    For testing, try:
    # config vpn ipsec phase1-interface
    # edit phase-1-name
    # set npu-offload disable
    # end

     
    I've come across this issue with 6.0.4 and haven't found a solution.  Also testing with iperf showed there was a performance impact with it enabled.  Unfortunately, it means the encryption will be handled by the CPU which could also have a performance impact, depending on the amount of traffic going through the firewall.
    #4
    Jump to:
    © 2019 APG vNext Commercial Version 5.5