Common reasons for VPN tunnel inactivity or instability on a customer gateway device include:
- Problems with Internet Protocol Security (IPsec) dead peer detection (DPD) monitoring.
- Idle timeouts due to low traffic on a VPN tunnel or vendor-specific customer gateway device configuration issues.

If a VPN peer doesn't respond to three successive DPDs, then the peer is considered dead and the tunnel is closed. If your customer gateway device has DPD enabled, be sure that:
- It's configured to receive and respond to DPD messages.
- It isn't too busy to respond to DPD messages from AWS peers.
- It isn't rate limiting DPD messages due to IPS features enabled in the firewall.

If you're experiencing idle timeouts due to low traffic on a VPN tunnel:
- Be sure that there's constant bidirectional traffic between your local network and your VPC. If necessary, create a host that sends ICMP requests to an instance in your VPC every 5 seconds.
- Review your VPN device's idle timeout settings using information from your device's vendor. When there's no traffic through a VPN tunnel for the duration of your vendor-specific VPN idle time, the IPsec session terminates. Be sure to check your vendor documentation for your specific device.

If you're experiencing rekey issues due to phase 1 or phase 2 mismatch on a VPN tunnel:
- Review the phase 1 or phase 2 lifetime fields on the customer gateway. Make sure that they match the AWS parameters.
- It's a best practice to uncheck parameters in the VPN tunnel options that aren't needed with the customer gateway for the VPN connection.
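The two checks above (lifetime fields that must match the AWS tunnel options, and the three-unanswered-DPDs rule) as an added example, not part of the original article. The AWS side uses the key names of the `TunnelOptions` structure returned by `ec2 describe-vpn-connections`; the customer gateway keys (`phase1_lifetime`, `phase2_lifetime`, `dpd_enabled`) are this example's own, since each vendor names them differently, and all values are constructed samples.

```python
# Constructed sample: one Options.TunnelOptions[] entry as AWS reports it.
AWS_TUNNEL_OPTIONS = {
    "Phase1LifetimeSeconds": 28800,
    "Phase2LifetimeSeconds": 3600,
    "DpdTimeoutSeconds": 30,
}

# Constructed sample: the same timers as read from the customer gateway.
# Keys are this example's own, not a vendor's configuration names.
CUSTOMER_GATEWAY = {
    "phase1_lifetime": 86400,   # deliberately wrong: device keeps the IKE SA for 24h
    "phase2_lifetime": 3600,
    "dpd_enabled": True,
}

# AWS parameter -> customer gateway parameter that must agree with it.
LIFETIME_FIELDS = {
    "Phase1LifetimeSeconds": "phase1_lifetime",
    "Phase2LifetimeSeconds": "phase2_lifetime",
}

DPD_FAILURE_THRESHOLD = 3   # successive unanswered DPDs before the peer is considered dead


def check_tunnel(aws, cgw):
    """Return one finding per mismatch; an empty list means the timers agree."""
    findings = []
    for aws_key, cgw_key in LIFETIME_FIELDS.items():
        if aws[aws_key] != cgw[cgw_key]:
            findings.append(
                f"{aws_key}: AWS={aws[aws_key]}s, customer gateway={cgw[cgw_key]}s"
            )
    if not cgw["dpd_enabled"]:
        findings.append("DPD is disabled on the customer gateway")
    return findings


def peer_is_dead(dpd_answered):
    """dpd_answered: True/False for each DPD sent, in order.
    The peer is dead once DPD_FAILURE_THRESHOLD successive probes go unanswered."""
    misses = 0
    for answered in dpd_answered:
        misses = 0 if answered else misses + 1
        if misses >= DPD_FAILURE_THRESHOLD:
            return True
    return False


if __name__ == "__main__":
    for finding in check_tunnel(AWS_TUNNEL_OPTIONS, CUSTOMER_GATEWAY):
        print("MISMATCH:", finding)
    print("peer dead:", peer_is_dead([True, False, False, True, False, False, False]))
```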
