IPSec Tunnel Dies After One Hour

Printable View

03-30-2012, 08:55 AM
tealnet

IPSec Tunnel Dies After One Hour

We have a site-to-site VPN link from an Untangle IPSec to a Fortigate. We're able to bring the link up just fine. However, after exactly an hour it will stop passing data. We tried an on-demand and always-on connection but it didn't make any difference. There is a message showing up in the IPSec log about every 40 seconds that we can't figure out.

Mar 30 08:51:11 hostname pluto[31855]: "UT0_Chevrolet" #284: ignoring Delete SA payload: ISAKMP SA not found (maybe expired)
Mar 30 08:51:11 hostname pluto[31855]: "UT0_Chevrolet" #284: received and ignored informational message

That starts from the moment the connection is established and continues even after the link no longer passes data. But it works fine for exactly an hour every time. I could not find any configuration information for the Fortigate router to connect to Untangle but looking over the configs for other routers, pfSense appeared to be the closest. So we matched all the settings on the Fortigate with what showed for the pfSense settings.

Does anyone know what would be causing this?
04-25-2012, 10:52 AM
tealnet

No ideas? Do we really have to pay a thousand dollars for Live Support just to figure this out?
04-25-2012, 12:12 PM
sky-knight

The support module is for the platform, support for the module itself comes with the module. So if you bought the IPSec module, get UT support on the phone and make them fix the IPSec module.
04-25-2012, 12:26 PM
tealnet

Quote:

Originally Posted by sky-knight

The support module is for the platform, support for the module itself comes with the module. So if you bought the IPSec module, get UT support on the phone and make them fix the IPSec module.

I did purchase it. I'll give them a call.
05-18-2012, 04:16 AM
snecklifter

Whats the dead peer detection you are using on the fortigate?
05-20-2012, 10:27 PM
martingeorge

I have no idea because i didnt tried it myself. I would suggest you to talk to support team on live chat and get your problem solved :)
06-04-2012, 06:57 AM
my-cool

Did you ever find a solution?

I am interested in your outcome? Did Untangle support get you up and running and if so was the support experience easy and fast? I am about to pull the trigger on a few Untangle appliances and really would like to know more support experiences before I do. Especially related to VPN setup. We have a number of clients that use site-to-site VPN connections and when their yearly service comes due we could easily move them to the Untangle appliance for little more than their annual service...and with the added benefits that Untangle offers I am thinking that it might be a win-win.

Thank you.
michael