

Common reasons for AWS VPN tunnel inactivity or instability on a customer gateway device include the following:

- Problems with Internet Protocol Security (IPsec) dead peer detection (DPD) monitoring.
- Idle timeouts due to low traffic on a VPN tunnel or vendor-specific customer gateway configuration issues.
- A policy-based VPN connection on the customer gateway device is causing intermittent connectivity issues.

Troubleshoot intermittent connectivity issues

If a VPN peer doesn't respond to three successive DPDs, then the peer is considered dead, and the tunnel is closed. If your customer gateway device has DPD turned on, then be sure that the following are true:

- It's configured to receive and respond to DPD messages.
- It isn't too busy to respond to DPD messages from AWS peers.
- It isn't rate limiting DPD messages because IPS features are turned on in the firewall.
- It doesn't have internet transit issues.

If you're experiencing idle timeouts that are caused by low traffic on a VPN tunnel, then check the following:

- Confirm that there's constant bidirectional traffic between your local network and your virtual private cloud (VPC). If necessary, create a host that sends ICMP requests to an instance in your VPC every 5 seconds.
- Review your VPN device's idle timeout settings using information from your device's vendor. If there's no traffic through a VPN tunnel for the duration of your vendor-specific VPN idle time, then the IPsec session ends. Check your vendor documentation for your specific device.

Troubleshoot rekey issues for phase 1 or phase 2

Note: The IKEv2 lifetime value field is independent of peers. So, if you set a lower lifetime value, then the peer always initiates the rekey. For more information, see Tunnel options for your Site-to-Site VPN connection and Your customer gateway device.
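As an added illustration of the two tunnel-drop conditions described above (this is not code from the AWS article or from any vendor), the following Python script replays constructed, hypothetical VPN log events and flags a tunnel whose peer misses three DPDs in a row, or whose data traffic goes quiet for longer than the device's idle timeout. The log format, event names and the 5-minute idle timeout are assumptions for the example.

```python
"""Replay constructed VPN log events and report DPD and idle-timeout findings.
The line format "<ISO time> tunnel=<n> <event>" and the event names are
assumptions made for this example, not an AWS or vendor log format."""
from datetime import datetime, timedelta

DPD_MAX_MISSES = 3  # the peer is declared dead after 3 successive unanswered DPDs

# Constructed sample log. Events: dpd_sent (DPD request sent to the peer),
# dpd_ack (peer answered), rx / tx (data traffic received / sent in the tunnel).
SAMPLE_LOG = """\
2024-05-01T10:00:00Z tunnel=1 dpd_sent
2024-05-01T10:00:01Z tunnel=1 dpd_ack
2024-05-01T10:00:10Z tunnel=1 rx
2024-05-01T10:00:30Z tunnel=1 dpd_sent
2024-05-01T10:01:00Z tunnel=1 dpd_sent
2024-05-01T10:01:30Z tunnel=1 dpd_sent
2024-05-01T10:02:00Z tunnel=2 tx
2024-05-01T10:12:00Z tunnel=2 rx
"""


def parse_event(line):
    """Split one log line into (timestamp, tunnel number, event name)."""
    ts, tun, event = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), int(tun.split("=")[1]), event


def analyze(log, idle_timeout=timedelta(minutes=5)):
    """Return {tunnel: [findings]}. 'dpd_dead' means DPD_MAX_MISSES DPDs went
    unanswered in a row; 'idle_gap' means consecutive data events were farther
    apart than idle_timeout, so a vendor idle timer would have torn the SA down."""
    misses, last_data, findings = {}, {}, {}
    for line in log.strip().splitlines():
        ts, tun, event = parse_event(line)
        findings.setdefault(tun, [])
        if event == "dpd_sent":
            misses[tun] = misses.get(tun, 0) + 1
            if misses[tun] == DPD_MAX_MISSES:
                findings[tun].append("dpd_dead")
            continue
        misses[tun] = 0  # a DPD answer or any received/sent data proves liveness
        if event in ("rx", "tx"):
            if tun in last_data and ts - last_data[tun] > idle_timeout:
                findings[tun].append("idle_gap")
            last_data[tun] = ts
    return findings


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))  # {1: ['dpd_dead'], 2: ['idle_gap']}
```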
