IPSec Tunnel stopped passing traffic using Web Security Service (WSS)


Article ID: 170907


Products

Web Security Service - WSS

Issue/Introduction

The IPSec connection suddenly stops passing traffic or passes traffic only intermittently.

Cause

  • The tunnel times are greater than 4 hours

  • The Phase 2 time is greater than the Phase 1 time

  • Dead Peer Detection is disabled

Environment

IPSec
Web Security Service

Resolution

"Important: Symantec has seen outages occur if the Phase 2 Timeout value is set to longer than four (4) hours. If the current setting is less than four hours, you can leave that value. Otherwise, adjust the time. The screenshots in the following procedure might not reflect this advisory."

Set the Phase 1 timeout value to under 8 hours (48000 seconds) and the Phase 2 timeout value to under 4 hours (14400 seconds).

Also, enable Dead Peer Detection and disable NAT Traversal.
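
The settings above can be checked across many tunnels with a short script. This is an added example, not part of the original article: the dictionary keys, tunnel names and function names are hypothetical, and the Phase 1 limit is assumed to be 8 hours expressed in seconds.

```python
import re

# Limits from the article. Assumption: Phase 1 is capped at 8 hours expressed
# in seconds; Phase 2 uses the article's 14400-second figure.
PHASE1_MAX_S = 8 * 3600
PHASE2_MAX_S = 14400
_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}


def to_seconds(value):
    """Normalise 27000, "27000", "450m", "8h" or "1d" to integer seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhd]?)\s*", str(value).lower())
    if not m:
        raise ValueError(f"unrecognised lifetime: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def audit_tunnel(cfg):
    """Return the list of findings for one tunnel; an empty list means it passes."""
    p1 = to_seconds(cfg["phase1_lifetime"])
    p2 = to_seconds(cfg["phase2_lifetime"])
    findings = []
    if p1 >= PHASE1_MAX_S:
        findings.append(f"PHASE1_TOO_LONG: {p1}s, expected under {PHASE1_MAX_S}s")
    if p2 >= PHASE2_MAX_S:
        findings.append(f"PHASE2_TOO_LONG: {p2}s, expected under {PHASE2_MAX_S}s")
    if p2 > p1:
        findings.append(f"PHASE2_EXCEEDS_PHASE1: {p2}s > {p1}s")
    if not cfg["dpd_enabled"]:
        findings.append("DPD_DISABLED: enable Dead Peer Detection")
    if cfg["nat_traversal"]:
        findings.append("NAT_T_ENABLED: disable NAT Traversal")
    return findings


# Constructed sample tunnels (hypothetical names and values).
SAMPLE_TUNNELS = {
    "branch-a": {"phase1_lifetime": "24h", "phase2_lifetime": "8h",
                 "dpd_enabled": False, "nat_traversal": True},
    "branch-b": {"phase1_lifetime": "1h", "phase2_lifetime": "2h",
                 "dpd_enabled": True, "nat_traversal": False},
    "branch-c": {"phase1_lifetime": 27000, "phase2_lifetime": "3h",
                 "dpd_enabled": True, "nat_traversal": False},
}

if __name__ == "__main__":
    for name, cfg in SAMPLE_TUNNELS.items():
        for finding in audit_tunnel(cfg) or ["OK"]:
            print(f"{name}: {finding}")
```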

View the document for more information depending on your VPN Connection

If this does not resolve the issue, please collect your Firewall Logs and refer to the document