I have a weird one. I’ve had an IPSec VPN Site to Site (Currently Sonicwall TZ470 to NSA2700) tunnel for nearly a decade through many versions of Sonicwall equipment and have never had an issue. The hardware I am currently running on has been in place for roughly a year or more with no issues whatsoever. It’s been solid and stable and it just works. I haven’t made any recent changes to either side.
But all of the sudden, this week for no apparent reason it’s been dropping once or twice a day. I’ve looked through the logs and I can’t find anything that sticks out. But this is where it gets odd. I call it a zombie tunnel because I am still seeing dead peer detection sends and responses on both sides. The connection light on my side shows green but I can’t access the remote Sonicwall or anything behind it. If I disable it on my side and re-enable it, everything comes back and works like it should.
Any ideas before I start throwing hardware at this? I’ve contacted the ISP on the remote end and they insist everything is fine on their side.
I’ve been seeing this for years but never really figured out a lasting solution. AFAIK it only happened on deployments where WAN is provided through a router in front of the SNWL and NAT on it is involved.
In some scenarios it helped to use IKEv1 instead of IKEv2 or disabling IPsec anti replay, but not always.
I had cases where disabling/enabling the Tunnel does not get it back to work until router reboot or changing the config.
If anyone comes across this. I ended up upgrading the Firmware (SonicOS 7.1.2-7019-R6288) and rebooting on both ends. Not sure if it was one, the other or both that seems to have fixed it, but it’s held through the weekend. Hopefully this is the end of it.
No, not yet. That’s my next step, I’m just looking to see if anyone has run into this at some point in the past and might be able to give me an easy out.
Okay, never mind. It happened about a month after the above post. Rebooted the firewall and it’s working again. However, now I have to remind myself to reboot the firewall once a month, so that’s cool.
Have not had this specific problem, but for other VPN related problems we have had success with deleting and rebuilding the tunnel. Also changing the keep alive settings to shorter intervals. But the capture will give you more insight into whether the traffic is actually making it to the other end.
If during an outage you open the tunnel settings, don’t make changes and click save, will the green balls stay or do they disappear?
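The "zombie tunnel" symptom in this thread (DPD still exchanging on both sides while nothing behind the remote peer is reachable) is exactly the case DPD alone cannot catch, since it only proves the IKE peer is alive, not that the data path works. As an added example that is not from the thread or from SonicWall, here is a small monitor that correlates DPD status with an independent reachability probe through the tunnel and distinguishes a zombie tunnel from a plain outage. The Probe record and the sample data are constructed; how you collect dpd_ok and remote_ok (log scrape, SNMP, ping) is assumed.

```python
"""Added example: classify a site-to-site tunnel as healthy, down, or zombie."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Probe:
    ts: int           # seconds since epoch (constructed values below)
    dpd_ok: bool      # a DPD request/response pair was seen within the DPD window
    remote_ok: bool   # an ICMP/TCP probe to a host BEHIND the remote peer succeeded


def classify(probes: List[Probe], window: int = 3) -> str:
    """Look at the last `window` probes and return one of:
    'healthy'  - traffic through the tunnel works
    'down'     - DPD and reachability both failing: a normal outage, DPD will tear down/rebuild
    'zombie'   - DPD keeps succeeding while nothing behind the peer answers: bounce the tunnel
    """
    if len(probes) < window:
        return "insufficient-data"
    recent = probes[-window:]
    dpd_all_ok = all(p.dpd_ok for p in recent)
    reach_all_failed = not any(p.remote_ok for p in recent)
    if dpd_all_ok and reach_all_failed:
        return "zombie"
    if reach_all_failed:
        return "down"
    return "healthy"


def first_zombie_time(probes: List[Probe], window: int = 3) -> Optional[int]:
    """Timestamp at which the zombie condition would first have been raised, or None.
    Replays the history so the monitor's detection delay (window * probe interval) is visible."""
    for i in range(window, len(probes) + 1):
        if classify(probes[:i], window) == "zombie":
            return probes[i - 1].ts
    return None


# Constructed sample: one probe per minute; the data path dies at t=180 while DPD stays green.
SAMPLE_ZOMBIE = [
    Probe(0, True, True), Probe(60, True, True), Probe(120, True, True),
    Probe(180, True, False), Probe(240, True, False), Probe(300, True, False),
]
# Constructed sample: both layers failing, i.e. a real outage DPD will handle on its own.
SAMPLE_DOWN = [Probe(0, False, False), Probe(60, False, False), Probe(120, False, False)]

if __name__ == "__main__":
    print(classify(SAMPLE_ZOMBIE), first_zombie_time(SAMPLE_ZOMBIE))  # zombie 300
    print(classify(SAMPLE_DOWN))                                       # down
```

Shortening the keep-alive interval, as suggested above, only shortens the DPD window; the probe to a host behind the peer is what actually detects this failure mode.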