VPN working for a period of time

Publication Date: 2016-05-17
Issue Description

Let's assume that you have the following topology: a VPN tunnel between a USG and an XTM (a firewall from another vendor). All the parameters are the same on both devices, USG and XTM.

There is only one difference: on the USG the IKE negotiation mode is automatic, and on the XTM the negotiation mode is Main. At first glance you would say that this is fine, but when you debug you see that the tunnel is sometimes established and sometimes not. Even when it is not working, you can see in the debug output that the IKE is established. You may also think that this is a bug.

Well, this is normal behavior for this scenario. If you take a closer look at the documentation you will find the root cause. When you use IKEv1 negotiation mode auto, the USG will accept both main mode and aggressive mode. That is the reason why it sometimes works: when the XTM starts the negotiation.

But if the negotiation is started by the USG, it will use aggressive mode by default. This is the reason why it sometimes does not work.

Solution
The solution is to set the IKE negotiation mode on the USG to main mode as well.
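To confirm from a packet capture which mode each side actually initiates with, the exchange type in the ISAKMP header of the first phase 1 message can be read directly (2 = main/identity protection, 4 = aggressive, per RFC 2408). The following is an added example, not code from the original article or from either vendor; the peer names, the accepted-mode sets (taken from the behavior described above) and the header-only sample packets are constructed for illustration.

```python
import struct

# ISAKMP exchange types (RFC 2408, section 3.1)
EXCHANGE_TYPES = {2: "main", 4: "aggressive"}
# initiator cookie, responder cookie, next payload, version,
# exchange type, flags, message ID, length = 28 bytes
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")


def first_message_mode(payload: bytes):
    """Return 'main' or 'aggressive' if payload is the first IKEv1
    phase 1 message of an initiator, otherwise None."""
    if len(payload) < ISAKMP_HEADER.size:
        return None
    _ic, resp_cookie, _np, version, exch, _fl, msg_id, _len = \
        ISAKMP_HEADER.unpack_from(payload)
    if version != 0x10:  # major 1, minor 0 = IKEv1
        return None
    # In the first message the responder cookie is still all zero,
    # and the message ID is zero throughout phase 1.
    if resp_cookie != bytes(8) or msg_id != 0:
        return None
    return EXCHANGE_TYPES.get(exch)


def check_initiations(packets, accepts):
    """packets: (src, dst, udp_payload) tuples; accepts: peer name ->
    set of modes that peer accepts as responder.
    Returns (src, dst, mode, accepted) for every initiation seen."""
    findings = []
    for src, dst, payload in packets:
        mode = first_message_mode(payload)
        if mode is not None:
            findings.append((src, dst, mode, mode in accepts[dst]))
    return findings


def _hdr(init_cookie, resp_cookie, exch):
    # Constructed header-only sample (next payload 1 = SA, no body).
    return ISAKMP_HEADER.pack(init_cookie, resp_cookie, 1, 0x10, exch,
                              0, 0, ISAKMP_HEADER.size)

SAMPLE = [  # constructed capture, not taken from real devices
    ("XTM", "USG", _hdr(b"\x11" * 8, bytes(8), 2)),      # XTM initiates
    ("USG", "XTM", _hdr(b"\x11" * 8, b"\x22" * 8, 2)),   # reply, ignored
    ("USG", "XTM", _hdr(b"\x33" * 8, bytes(8), 4)),      # USG initiates
]
ACCEPTS = {"USG": {"main", "aggressive"}, "XTM": {"main"}}

if __name__ == "__main__":
    for src, dst, mode, ok in check_initiations(SAMPLE, ACCEPTS):
        print(f"{src} -> {dst}: {mode} mode, {'accepted' if ok else 'MISMATCH'}")
```

After the USG is changed to main mode, every initiation from either side should be reported as main mode and accepted.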