
We observed a spike in problems with IPSec VPN tunnels lately. The following symptoms are very typical to identify this problem:

- The IPSec tunnel is up, but no or only one-way traffic flow is going through the tunnel.
- If there are multiple VPN tunnels set up, only one or a few of all the tunnels may be affected.
- The problem is not related to a firewall vendor.
- The Internet line is provided by Swisscom with a Business DSL modem.

How to check if you are affected by this issue

For a first overview, you can check the Outgoing and Incoming Data counters on the firewall. You can see there that one of the counters is not incrementing anymore:

FortiGate IPSec Monitor
WatchGuard Firebox System Manager

For more reliable troubleshooting, you can do a packet trace on both sides of the VPN tunnel. You should see incoming and outgoing ESP packets. If you only see outgoing but no incoming ESP packets, you are probably affected by this issue.

FortiGate:
diagnose sniffer packet any "host 1.2.3.4 and esp" 4 0 a
1.2.3.4 should be replaced by the remote public IP terminating the VPN tunnel.

WatchGuard:
Enable Advanced Options > -i any host 1.2.3.4 and esp
Replace 1.2.3.4 by the remote public IP terminating the VPN tunnel.

Temporary solution

# Temporarily disable the hardware acceleration
# Please note disabling NP will cause the tunnel to flap

How to disable the IPSec feature on a Swisscom router

We found out that this issue could be related to the enabled Peer-to-Peer VPN function on the Swisscom router. You can disable the function for test purposes as follows:

As soon as the function is disabled and the router is rebooted, the problem is resolved. Please note that the solution (disabling the VPN feature) has to be implemented on both sides of the tunnel. Also, the VPN feature could be enabled again after a firmware upgrade on Swisscom routers. Please note that it may also be possible that other router models are affected by this issue and we are just not yet aware of it.
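The packet-trace check described above (outgoing ESP visible, no incoming ESP) can be automated when a trace has been saved to a file. The following is an added example and not part of the original article or of any vendor tool: a small Python parser that reads FortiGate-style sniffer lines and counts ESP packets per remote peer. The line format is approximated for this example and the sample trace, interface name and addresses are constructed. It goes slightly beyond the single-host filter shown on the page by grouping results per remote peer, which matches the symptom that only some of several tunnels may be affected.

```python
import re
from typing import Dict, Iterable

# One line of FortiGate-style sniffer output (verbosity 4, absolute timestamps).
# The format is approximated for this example; real output may differ slightly.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+): "
    r"ESP\(spi=(?P<spi>0x[0-9a-fA-F]+),seq=(?P<seq>0x[0-9a-fA-F]+)\)$"
)

# Constructed sample trace: peer 198.51.100.7 only ever receives ESP from us
# (the one-way symptom), peer 192.0.2.9 exchanges ESP in both directions.
SAMPLE_TRACE = """\
2019-03-01 10:00:00.100000 wan1 out 203.0.113.5 -> 198.51.100.7: ESP(spi=0x0a1b2c3d,seq=0x101)
2019-03-01 10:00:00.150000 wan1 out 203.0.113.5 -> 198.51.100.7: ESP(spi=0x0a1b2c3d,seq=0x102)
2019-03-01 10:00:00.200000 wan1 out 203.0.113.5 -> 192.0.2.9: ESP(spi=0x11112222,seq=0x1)
2019-03-01 10:00:00.230000 wan1 in 192.0.2.9 -> 203.0.113.5: ESP(spi=0x33334444,seq=0x1)
2019-03-01 10:00:00.300000 wan1 out 203.0.113.5 -> 198.51.100.7: ESP(spi=0x0a1b2c3d,seq=0x103)
2019-03-01 10:00:00.400000 wan1 in 192.0.2.9 -> 203.0.113.5: ESP(spi=0x33334444,seq=0x2)
filters=[esp]
"""


def _status(counts: Dict[str, int]) -> str:
    """Map in/out ESP counts to a short verdict for one remote peer."""
    if counts["out"] and not counts["in"]:
        return "one-way"        # the symptom described in the article
    if counts["in"] and counts["out"]:
        return "two-way"        # healthy tunnel
    if counts["in"] and not counts["out"]:
        return "inbound-only"   # check the trace on the other side as well
    return "no-esp"


def count_esp(lines: Iterable[str], peer: str) -> Dict[str, int]:
    """Count ESP packets sent to and received from a single remote peer."""
    counts = {"in": 0, "out": 0}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, filter echo or non-ESP line: ignore
        if m["dir"] == "out" and m["dst"] == peer:
            counts["out"] += 1
        elif m["dir"] == "in" and m["src"] == peer:
            counts["in"] += 1
    return counts


def classify_peers(lines: Iterable[str]) -> Dict[str, str]:
    """Group ESP packets by remote peer and return a verdict per peer."""
    per_peer: Dict[str, Dict[str, int]] = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # For outgoing packets the peer is the destination, for incoming the source.
        peer = m["dst"] if m["dir"] == "out" else m["src"]
        per_peer.setdefault(peer, {"in": 0, "out": 0})[m["dir"]] += 1
    return {peer: _status(c) for peer, c in per_peer.items()}


if __name__ == "__main__":
    for peer, verdict in classify_peers(SAMPLE_TRACE.splitlines()).items():
        print(f"{peer:16} {verdict}")
```

Run it against a saved trace with `classify_peers(open("trace.txt"))`; a peer reported as one-way over a window of several seconds, while its IPSec phase 1 and 2 are shown as up, is the case the article describes. Because the script relies only on direction and addresses, it works unchanged on traces captured at either end of the tunnel.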
