IPSec Tunnel stopped passing traffic using Web Security Service (WSS)


Article ID: 170907


Web Security Service - WSS


IPSec connection suddenly stops passing traffic or is intermittent


Web Security Service


This can occur in any of the following cases:

  • The tunnel times are greater than 4 hours

  • The Phase 2 time is greater than the Phase 1 time

  • Dead Peer Detection is disabled


"Important: Symantec has seen outages occur if the Phase 2 Timeout value is set to longer than four (4) hours. If the current setting is less than four hours, you can leave that value. Otherwise, adjust the time. The screenshots in the following procedure might not reflect this advisory."

Set the Phase 1 timeout value to under 8 hours (48000 seconds) and the Phase 2 timeout value to under 4 hours (14400 seconds).

Also, enable Dead Peer Detection and disable NAT Traversal.

View the document for more information, depending on your VPN connection.

If this does not resolve the issue, collect your firewall logs and refer to the document.