vpn connection dropping

Archived from groups: comp.security.firewalls (More info?)

Hello,

Is there a way to keep a VPN connection up instead of dropping when there
is no activity?

Let me explain my situation.

For the company where I work for I have set up a VPN connection. It is a
connection between the head office and a remote office. I have made the
connection with two Sonicwalls. On the head office we have an IP Subnet so
the
Sonicwall has a public IP have address. The remote office has only one
Public
IP address. (see the drawing below)

When the connection is set up from the remote office everything works good,
but when
there is no activity the connection is dropped after a while.

Of course the connection cannot be set up from the head office, since the
remote
sonicwall has no public ip address.

My problem is that I want to keep the connection up so that it keeps
accessable
from the Head Office.

Now I am able to do this by letting one of our servers constantly send PING
requests
to a machine at the remote office. But this feels like a ducktape solution.
Is there
an other way to keep a VPN connection up for "ever"?


HEAD OFFICE:

______ ___________ _________
_( )_ DSL |Cisco | |Sonicwall|
(_Internet_)--------|2600 Series|_____|PRO 200 |-------------LAN
(______) |ADSL_______| |ADSL_____| ^
^ ^ ^ |
| | | |
x.x.x.17/30 | | |
Public IP address | | |
| | |
x.x.x.18/30 | |
Public IP address | |
| |
10.10.1.1 |
Lan Gateway 10.10.1.0/24


REMOTE OFFICE:

_________ __________ ______
|Sonicwall| |Cisco | DSL _( )_
LAN-------------|SOHO2 |------|800 Series|--------(_Internet_)
^ |_________| |ADSL______| (______)
| ^ ^ ^ ^
10.10.5.0/24 | | | |
| | | |
10.10.5.1 | | |
Lan Gateway | | |
| | |
10.10.250.2 | |
| |
10.10.250.1 |
Gateway for |
the Sonicwall |
|
x.x.x.166
Public IP address

Thanks,

Bart
3 answers Last reply
More about connection dropping
  1. Archived from groups: comp.security.firewalls (More info?)

    Bart vd Nieuwenhuizen wrote:
    > Hello,
    >
    > Is there a way to keep a VPN connection up instead of dropping when there
    > is no activity?

    <smug_mode>
    I don't have one of these and have never used one but I thought I'd have
    a go.

    I downloaded the manual from the Sonicwall web site and read the section
    on the VPN functions. I noticed under the VPN advanced configuration
    there is an option labelled "Enable Keep Alive". The relevent section
    reads:-
    Enable Keep Alive
    Selecting the Enable Keep Alive check box allows the VPN tunnel to
    remain active or maintain its current connection by listening for
    traffic on the network segment between the two connections. Interruption
    of the signal forces the tunnel to renegotiate the connection.

    So there you go. Manuals and documentation are wonderful inventions
    aren't they?
    </smug_mode>

    :-)


    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted,
    submitted to anti-spam sites and proably burn in hell.
  2. Archived from groups: comp.security.firewalls (More info?)

    Hi Mike

    Thank you for your reply.

    I tried to play a bit with the Keep Alive Interval value in the Global VPN
    Settings before, but that didn't
    make any difference. I was unable to find the 'Enable Keep Alive' option.
    Following the manual it
    could be found under the "Advanced Settings..." buttton in the SA of the VPN
    connection, but it
    was not there.

    After your reply I tried searching harder:
    When I changed IPSec Keying Mode from "Manual Key" to "IKE using Preshared
    Secret", the
    option "Enable Keep Alive" came availeble.

    I never used IKE before, and new options are availeble now that i never used
    before: Phase DH group, Main Mode, Agressive Mode....

    I hope it works out.

    Greetings,

    Bart
  3. Problem
    When multiple computers are connected to the SonicWall wireless network, the wireless network goes down every 15 minutes.
    Synopsis
    The problem has been confirmed resolved by updating the firmware and disable the Intrusion Detection on the wireless.
    Solutions
    Update the SonicWall firmware to the most recent version. Disable the Intrusion Detection on the wireless network.


    Shawn Zernik
    http://www.internetworkconsulting.net
Ask a new question

Read More

Firewalls Connection VPN Office Networking