Unsolved site to site VPN only works with Keep Alive
-
You only need a keep alive when you have no traffic. But, not having traffic can happen simply from everyone going to lunch at the same time.
-
It's really odd. I had a continuous ping going as I was changing settings. At some point I checked the box and all the sudden I started getting replies. I kept checking and unchecking boxes until I found that that was the thing that was doing it. As soon as I turn it off, the connection drops, even though there should be a continuous ping going across the connection.
-
That is odd, not sure why that would be. KA should only affect you after a few minutes, at least, often more than that.
-
@mike-davis said in site to site VPN only works with Keep Alive:
It's really odd. I had a continuous ping going as I was changing settings. At some point I checked the box and all the sudden I started getting replies. I kept checking and unchecking boxes until I found that that was the thing that was doing it. As soon as I turn it off, the connection drops, even though there should be a continuous ping going across the connection.
Man, this sounds really odd like the issue I had with a Cisco ASA and a Meraki device, especially the part about the tunnel dropping. I know it's not the same scenario here, but this one peaked my curiosity and gave me a touch of deja vu.
I wonder if Sonicwall Support can explain it?
-
@networknerd said in site to site VPN only works with Keep Alive:
I wonder if Sonicwall Support can explain it?
The reason I was getting this tunnel going is I'm swapping out the current SonicWall that is falling out of support for one that is under support. Once I get the one under support on a live network, I can contact support.
-
@mike-davis Keep Alive is something I have enabled on all Sonicwalls for that reason. Otherwise on networks that there is no continual traffic it will stop. Cisco is notorious for this, so I have a continual ping a on a server between Cisco and AMazon. Same for SonicwALL with Network Monitor (another solution) with the Amazon VPC tunnels.
-
It's really odd because I have an existing tunnel that has been up for 2 years with no issues on that same SonicWall and it doesn't have the keep alive enabled.
-
@mike-davis What firmware are you on?
-
@dbeato said in site to site VPN only works with Keep Alive:
@mike-davis What firmware are you on?
5.9.0.7-17o on the remote side for my test environment. That will be swapped out for one under support. My issue is that I don't have the password to the production one, so my only option is to factory default it and I wanted to make sure if I did, I could get the tunnel back up.
The main is is current firmware since it's under support.
-
@mike-davis said in site to site VPN only works with Keep Alive:
5.9.0.7-17o
That is a pretty old firmware. Update to the latest 5.9.1.7 and 5.9.1.8.
-
@dbeato said in site to site VPN only works with Keep Alive:
@mike-davis said in site to site VPN only works with Keep Alive:
5.9.0.7-17o
That is a pretty old firmware. Update to the latest 5.9.1.7 and 5.9.1.8.
I totally forgot about that. Like I said, this was a spare one I had on hand for testing and I wanted to make sure I could get the tunnel up when I factory reset the one under support since I can't log in to see its settings.
-
@mike-davis You also can still download Early releases and they do work well too.
-
@mike-davis said in site to site VPN only works with Keep Alive:
about that. Like I said, this was a spare one I had on hand for testing and I wanted to make sure I could get the tunnel up when I factory reset the one under support since I can't log in to see its settings.
Make a backup also of the settings as well just in case.
-
@Mike-Davis How did you end up working out this one?
-
This was one of the reasons we leave sonicwall in the company, apart of the support cost.
Now with Pfsense using VpnSite all problems disappears.
-
@dbeato said in site to site VPN only works with Keep Alive:
@Mike-Davis How did you end up working out this one?
I think I left it with the keep alive going and the static IP on both ends.
-
@iroal said in site to site VPN only works with Keep Alive:
This was one of the reasons we leave sonicwall in the company, apart of the support cost.
Now with Pfsense using VpnSite all problems disappears.My first choice is Ubiquiti. In this case the Sonics came in under grant money and I had to use them.
-
@mike-davis said in site to site VPN only works with Keep Alive:
@iroal said in site to site VPN only works with Keep Alive:
This was one of the reasons we leave sonicwall in the company, apart of the support cost.
Now with Pfsense using VpnSite all problems disappears.My first choice is Ubiquiti. In this case the Sonics came in under grant money and I had to use them.
Even with grant money, not sure that they are worth it
-
I really don't like grant money. It sounds like a good idea, but when you actually see how it works, it's such a waste. As a tax payer I would like to see the system changed. As a tax payer, I would rather see ubiquiti gear and OpenDNS go in than a SonicWall with content filtering and VPN licenses.
-
@mike-davis said in site to site VPN only works with Keep Alive:
I really don't like grant money. It sounds like a good idea, but when you actually see how it works, it's such a waste. As a tax payer I would like to see the system changed. As a tax payer, I would rather see ubiquiti gear and OpenDNS go in than a SonicWall with content filtering and VPN licenses.
Oh yeah. As a tax payer all I see is open corruption. SonicWall is getting tax dollars funneled straight to them. No possible ethical reason for a real grant to exist only to fund a private company.
