IPSec Road Warrior devices are losing connection every 30 minutes behind a NAT gateway, what can be done?

Article #:

Product

Castle

1595

Unified Threat Management

All

Summary

Altering the settings so that IPSec clients do not regularly lose connection with the Smoothwall when behind a NAT gateway.

Problem

IPSec Road Warrior devices are losing connection every 30 minutes behind a NAT gateway, what can be done?

Solution

This is a known issue with various IPSec clients when operating behind a NAT gateway. The Smoothwall tries to renegotiate the Security Association (SA), but the NAT device has timed out the connection, so the Smoothwall cannot reach the client.

On the configuration for the IPSec road warrior, expand the Advanced settings and enable the Do not rekey option. That will cause the Smoothwall to not initiate SA requests but wait for the client to do so — the tunnel will then stay open.

Attribution:

Last updated:

Author:

Contributions by:

06 September 2016

 

Tanja, SK

 

 

Copyright © 2000-2016 Smoothwall All rights reserved.