Solved

Sonicwall pro3060 failover VPN

Posted on 2004-08-25
4
388 Views
Last Modified: 2010-04-09
Hi All,
I'm having an issue with the sonciwall pro3060 firmware 2.5.0.3 .
I have 2 offices one in the UK and one in the US , both offices have two sonicwalls
in a failover configuration.
The US has 3 internet connections fibre, t1 and ADSL
the UK has 2 internet connections T1 and ADSL

There is a vpn connection between the UK and US using IKE which allows for 2 endpoints
I am using the public IP of the fibre and T1 connections. as my endpoints to the US lan (10.5.0.0)

The issue is that when the T1 fails in the UK failing over to the adsl line
the vpn connection does not failover.

Any thoughts (got latest firmware form sonicwall but there documentation is flaky)
0
Comment
Question by:packetninja
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 5

Accepted Solution

by:
idyllicsys earned 250 total points
ID: 11970151
Do you have both sides configured for keep alive. Try disabling on one side. You only need one to create the connection at any time. What is probably happening is that the T1 goes down  and VPN connection goes down. The US side tries to contact the primary interface in the UK, while the UK side is trying to contact the secondary interface in the US.

Let me know

Ted
---------------
MCSE, CSSA
www.idyllicsys.com
0
 

Assisted Solution

by:stephaniesb
stephaniesb earned 250 total points
ID: 11984686
Make sure you have Dead Peer Detection and keepalives set on only one side.
Also, the failover feature works well, but the preempt doesn't.  (It will fail over to the backup, but when the primary comes back up, it doesn't fail back)  This was fixed in firmware 2.5.0.4.  It's unreleased, but if you have a support contract you can call Tech Support and get it.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question