NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jmfranzen's avatar
jmfranzen
Aspirant
Nov 12, 2015

Netgear FVS318G Site to Site VPN tunnel

This tunnel has been working correctly and was reconfigured after the ISP at both sites was switched to another provider.   About a month later staff member noticed corruption in files copied over ...
Troubleshooting
jmfranzen's avatar
jmfranzen
Aspirant
Nov 20, 2015

Both using DHCP as the static IP's assigned are in wrong subnet and I am trying to get COX to remedy this issue.

 

Got both upgraded to newest firmware.

 

Maxed out the SA lifetime to 24 hours.

 

Identical FVS318G's purchased at same time

adit's avatar
adit
Mentor
Nov 20, 2015

Always list the specific firmware. The "latest" means nothing if a new firmware gets release the next day.

 

How often are your public IP's changing?

 

I've seen ISP's (VZ DSL) change IP's via DHCP as often as once a minute.  Everytime that IP changes the tunnel will drop.

 

Having DHCP on the WAN you should lower the SA Lifetimes.  I use 3600 at most on dynamic WAN's, less if ISP DHCP expiration is set shorter than an hour (match the expiration time).

 

Static IP's I use 86400.

  • jmfranzen's avatar
    jmfranzen
    Aspirant
    Nov 20, 2015

    Public IP's (even though DHCP) are not changing over several months now, and worked fine with these IP's for month or two,before the issue suddeny started

     

     

    SA Lifetimes were set to 8 hours and the connection was resetting every 15 to 20 minutes.

    I switched them to 24 hours.

     

    They are both running 3.1.1-18 whihc is newest according to the Netgear download page.

    They were both running 3.0.7-34 and working fine, before the issue suddeny started.

     

    Firmware History:

    3.1.1-18

    3.1.1-14

    3.1.1-08 

    3.0.8-12

    3.0.7-24

    3.0.7-22

    3.0.6-16

    3.0.6-15

    3.0.5-27

     

     

     

    • adit's avatar
      adit
      Mentor
      Nov 20, 2015

      Are you sure the WAN connection is not dropping out?

       

      Not sure what diagnostic software you run but have you tried a continuous PING to the remote site WAN IP to see if it drops, and for how long?  If it drops, figure out where it is dropping.  Run a few traceroutes and notate the IP's.

       

      You also need to find out what the DHCP expiration is set for.  Just because the IP isn't changing doesn't mean that it isn't renewing itself every 15 or 20 minutes.  Whenever the WAN renews your VPN tunnels can drop (I've seen it happen in as little as 4 seconds for the VPN to renegotiate).  This is probably not enough to disrupt someones browsing but could be enough for it to booger up a VPN transfer.

       

      Who is the ISP and what type of service is it?  Same on both sides?  (I see you mention Cox)

       

       

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More