NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jxdomb's avatar
jxdomb
Aspirant
Jul 24, 2016

IPSec VPN Deletes After One Hour

I can successfully open a tunnel between the Netgear VPN client and FVS318N VPN router.  However after an hour, the VPN log on the router reports ISAKMP-SA expired and the tunnel goes down.  I've inc...
Security
jxdomb's avatar
jxdomb
Aspirant
Jul 25, 2016

Thank you for the response.  I double-checked the article and agree that I don't see similarities with my situation.  I also checked the SA lifetimes as described in the threads and they are in bounds.  I am using the latest firmware and client versions:

 

a. Was it working fine before?   This is a new installation.

b. What is the current version of the NETGEAR VPN Client software you are using?  6.30.001

c. What is the current firmware version of the FVS318N?  4.3.3-8

 

Thank you!

DaneA's avatar
DaneA
NETGEAR Employee Retired
Jul 25, 2016

Hi jxdomb,

 

What is the Operating System of the PC where the NETGEAR VPN Client software is installed?

 

Is there a software firewall or anti-virus running on the PC where the NETGEAR VPN Client software is installed?  If yes, try to disable or uninstall it for the meantime then check if that helps.

 

Also, you may try to install the NETGEAR VPN Client software on other PCs/laptops to isolate the problem.  

 

 

Regards,

 

DaneA

NETGEAR Community Team

  • jxdomb's avatar
    jxdomb
    Aspirant
    Jul 30, 2016

    I am using the VPN client on a Windows 8.1 desktop.  After reviewing the links you provided, I have been adjusting the various SA Lifetimes in the router IPSec policies and in the VPN client.  I must admit that I'm still not fully understanding them, but I have managed to get the tunnel to stay open for about four hours before it quits.

     

    Does the 86400 seconds maximum in the client configuration indicate that 1 day is the maximum that an IPSec VPN tunnel is designed to stay up before it needs to be re-initiated by the remote user?  What if someone wants to keep a tunnel up for 2 days, a week or even longer?

     

    Thanks for your continued assistance!

    • DaneA's avatar
      DaneA
      NETGEAR Employee Retired
      Jul 31, 2016

      Hi jxdomb,

       

      What I know is that the SA Lifetime is the lifetime of the keys that the VPN tunnel uses to encrypt data.  If the 86400 seconds has been reached then it negotiates a new key.  If ever you have activity going on through the VPN tunnel, this will not be noticeable when the timers expire.

       

      Let me share this link below that I found online and this might help you understand more about SA Lifetime:

       

      IP SEC SA Lifetime

       

       

      Regards,

       

      DaneA

      NETGEAR Community Team

    • DaneA's avatar
      DaneA
      NETGEAR Employee Retired
      Aug 03, 2016

      Hi jxdomb,

       

      We’d greatly appreciate hearing your feedback letting us know if the information I’ve provided has helped resolve your concern or if you need further assistance.  If ever your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

       


      Regards,

       

      DaneA

      NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More