Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » IPSec tunnels gets off randomly
  •  
alexpacio

Messages: 10
Karma: 0
Send a private message to this user
Hi,
we have some Kerio Control installations but in every environment it happens that, randomly, on our Ipsec site-to-site tunnels on Kerio Control the traffic stops flowing at a certain point and, if I go to check the tunnel health on the status page it says that it is connected. Even the log doesn't report that problem.

I'm quite sure it is a bug on the IPSec stack of Kerio Control. Maybe it could be due to Nat Trasversal keepalive time that should be tunable in order to keep the tunnel connected forever.

Can you help me to solve this problem?

Thanks
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
What version are you on? Were the installations stable prior to any configuration change or version change? Are these Kerio to Kerio tunnels or Kerio to 3rd_Party tunnels? Are you able to view logs on both endpoints?

Ken Snyder
  •  
alexpacio

Messages: 10
Karma: 0
Send a private message to this user
Version: 8.4.0, but this happened with other prior versions too.
Were the installations stable prior to any configuration change or version change? No
Are these Kerio to Kerio tunnels or Kerio to 3rd_Party tunnels? Kerio to Kerio
Are you able to view logs on both endpoints? On both endpoints it seems, reading the logs, that there's no disconnection. Infact, when this strange problem happens, if I go to the status page it says that it is connected, but no traffic is passing through the tunnel. In order to recover the tunnel, I have to disconnect and reconnect manually the tunnel on one of the endpoints.

Any ideas?
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
If all endpoints are Kerio Control, it may be worthwhile to change the VPN Tunnel properties on each from IPsec to Kerio VPN and monitor for improved stability. http://kb.kerio.com/1304

If IPsec is a must-have (and Kerio proprietary VPN is not an option for you), then generating a support ticket may be a good idea. Prior to this, it might be worthwhile to do one last check that there are no traffic policies or QoS rules that are negatively impacting VPN interfaces.

Ken Snyder
Previous Topic: Kerio control Mac address speed Limit?
Next Topic: Help - Bringing Control to New Machine
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Jun 23 22:44:59 CEST 2017

Total time taken to generate the page: 0.00402 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.