This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
IPSec VPN tunnel between SRX5308 and a FVS336Gv3 suddenly changes to a SSLVPN tunnel
I had an IPSec VPN tunnel between a SRX5308 router and a FVS318G router had to change the FVS318G router went to a FVS336Gv3 router. Set up the IPSec VPN tunnel on the 336Gv3 router and all was fine for a couple of days, I then realized the IPSec tunnel was not working I investigated and found that a SSL VPN tunnel had replaced the IPSec one. I did not set this tunnel up the client address range begining and ending are no where near the client address ranges we actually use. Also there is no info in the DNS Suffix or the primary or secondary DNS servers.
1.) Can anyone please tell me what happened?
2.) As well as how do I fix this or turn off the SSLVPN tunnel and re-establish the IPSec tunnel
3.) Or is the SSL tunnel better than the IPSec tunnel?
Thank you in advance for any assistance on this problem.
Re: IPSec VPN tunnel between SRX5308 and a FVS336Gv3 suddenly changes to a SSLVPN tunnel
Hi PopinatorWV,
For the logs to be analyzed, I advise you to open an online case with NETGEAR Support at anytime. State your concerns and attach the logs on the online case you have opened. The online case will be forwarded to the engineering team to be analyzed.
Re: IPSec VPN tunnel between SRX5308 and a FVS336Gv3 suddenly changes to a SSLVPN tunnel
Hi PopinatorWV,
For me, it is very unlikely for the IPSec VPN setup to suddenly switch to SSL VPN setup without having a person reconfigure the settings of both firewall(s). Are you the only person that has access to both firewall(s)?
To re-establish the IPSec VPN tunnel, you will need to reconfigure everything. Otherwise, if ever you have backed-up the configuration of both firewall(s) when IPSec VPN was working fine, then you may just restore the configuration file to the firewall(s).
Both IPSec VPN and SSL VPN have their own advantages depending on the requirements of the network or client(s). Personally, I prefer IPSec VPN since I find it easier to set it up.
Re: IPSec VPN tunnel between SRX5308 and a FVS336Gv3 suddenly changes to a SSLVPN tunnel
Hello again all,
Well I tried what was suggested to no avail. I was able to get the IPSec VPN tunnel up again only thing is that the SSL VPN was also still up. After about an hour or so I checked the on line status of the IPSec and found it was disconnected and the SSL VPN was active and connected. I even went so far as to manualy re-configure both the SRX5308 and the FVS336Gv3 routers same exacxt thing happened again. Is there a way to turn off the SSLVPN or not? How difficult is the SSLVPN to set up, and do I need an SSL certificate for each router? I really need to get this tunnel established and working properly ASAP. Thank you in advance for your assistance.
Re: IPSec VPN tunnel between SRX5308 and a FVS336Gv3 suddenly changes to a SSLVPN tunnel
Hello All again,
I have had some new developements in this issue I am having. The SSLVPN seems to be on all the time. I can initate the IPSec VPN tunnel and after a while it stops and the only thing showing is the SSLVPN connection. Is there a way to stop the SSLVPN connection? I have tried to DISCONNECT the SSLVPN from both routers but it will not disconnect. Each time I try I am sent back to the log on screen saying my session has expired and I need to log back in. I have tried this on both Routers and get the same responce. If I DISCONNECT the IPSec tunnel it disconnects it like it should. then I can also re-establish the IPSec tunnel.
I have a logfile of the IPSec VPN connections and it shows, at least to me, that the IPSec all of a sudden breaks the connection and cannot re-establish it. Do you need me to post the log or a portion of it? Please let me know and I will post it. Again thanks for your assistance
Re: IPSec VPN tunnel between SRX5308 and a FVS336Gv3 suddenly changes to a SSLVPN tunnel
Hi PopinatorWV,
For the logs to be analyzed, I advise you to open an online case with NETGEAR Support at anytime. State your concerns and attach the logs on the online case you have opened. The online case will be forwarded to the engineering team to be analyzed.
