【NGAF】IPSec VPN Success Build Up but Tunnel not stable
Issue Description
NGAF build IPsec VPN with third party device. IPSec VPN tunnel success build up but the tunnel not stable.
Error/Warning Information
- When check the VPN status found out the Time Connected keep changing.
- Check System Log the NGAF keep nego with third party device to build IPSec VPN tunnel.
Handling Process
- Check system log foud out the DPD timeout cause the tunnel being deleted.
- Check both side DPD setting not consistent.
NGAF check DPD setting path: Network > IPSecVPN > IPSecVPN > Phase 1.
- Change the DPD settting to be consistent. Tunnel become stable.
Root Cause
The DPD setting in both side not consistent.
Solution
Change DPD setting on either side device to make sure the DPD configuration are consistent.
Suggestions
If either side had enable the DPD, another side also need to enable the DPD.