Knowledgebase
IPSEC VPN Hints for Vigor2130 Router
Posted by on 14 February 2012 03:54 PM

We handled some vpn issues recently, so i think maybe i can share something with you, hope it's helpful for you guys some day.

 

Some IPSec hints 

1. The default phase1/2 lifetime settings for Vigor 2130 are:

phase1:3600

phase2:28800

it's different from other vigor 2xxx models(phase1:28800;phase2:3600)

and vigor2130's lifetime cannot be changed.

 

 

2. IPSec lifetime settings.

IPSec's lifetime setting may not affect vpn connecting, sometimes, you don't have the same lifetime settings on server and client sides, but you can establish ipsec tunnel.

However, if you see periodic vpn dropouts, you'd better check the lifetime settings.

 

I have a case here:

Server: Fortinet

phase1 28800;phase2:1800

Client: Draytek Vigor 2920:

phase1 28800;phase2:3600(Default)

 

The VPN can be connected, however, every 30 minutes, the vpn disconnects and reconnects.

After some analysis, I find linux based ipsec servers(including v2130,v3900) can accept whatever lifetime from vpn client, but they only follow their own setting, which means , if the client doesn't send a renew request after 1800 seconds, the server disconnects the tunnel.

 

(0 vote(s))
Helpful
Not helpful

Comments (0)