Thursday, March 29, 2018

LAN to LAN IPSec dropping every 3mins (Draytek)

Hi All.

We have a customer with a Draytek 3900 at their HQ.

It dials out to 14 Draytek 2860 routers at remote sites and establishes 2x IPSec VPNs each, separated by VLANs: one for data, one for voice.

All sites are identical in setup - apart from remote IPs.

On 3 of the sites, the data VPN drops every 3 mins (almost to the second!); the voice VPN stays solid.

I've been concentrating on one site and have had a ping going from a server behind the Draytek 3900 going to a PC on the remote site. It drops 1, maybe 2 pings each time the VPN drops and reconnects - it reconnects that quickly.

All routers are on the latest firmware.

I've created new VPN profiles for the one site and have changed just about every timeout/delay feature I can, added 'ping to keep alive', DPD on and off.

These are pretty much set as default settings: IKEv1 protocol, PSK auth, ESP security protocol. The only change on the advanced tab is to enable RIP via VPN. Settings on the proposal tab are: IKE phase 1 proposal DES G1; IKE phase 1 auth ALL; IKE phase 2 proposal 3DES with auth; IKE phase 2 auth ALL; Accepted proposal acceptall.

If both VPNs were dropping this way, I'd be straight on to the ISP, but the voice one is solid....

Does anyone have any ideas?

On a personal note, I've only been in this job a week, so to fix this would be cool!!

I have logged a ticket with Draytek support - but it's been 48hrs without any update so far!

Many thanks,
Bryan

EDIT: Just created a PPTP LAN to LAN VPN and it stays up fine - so really can't be the ISP.....


