We have a SonicWALL PRO 230 at our main office and a little Linksys RVS4000 4-Port Gigabit Security Router with VPN at our branch office (one user)
I have set up constant VPN between those gateway/firewalls and it works most of the time.
I used GroupVPN category IKE using Preshared Secret.
Phase 1 DH Group is Group 2 ( or 1024-bit )
Phase 1/2 Encryption/Authentication is all the same as on remote side
SA Life is 28800 seconds
On the remote side (The Linksys) we have:
IKE with preshared key,
Phase 1 key life 28800 seconds
Phase 2 key life 3600 seconds
All of the encryption authentication settings are the same but now here is the problem:
There exists a VoIP phone on the other end as well as a thin client. Both of which are connected to
the main office servers. The user on the remote side notices that his thin client session
TIMES OUT ( or disconnects ) every hour. This only happens when the thin client is in idle and the user is not using the thin client pc. I know the 3600 seconds is an hour but I do not understand why this is a problem. Since it is a constant VPN shouldn't it stay alive forever? I do not see a place on our
SonicWALL to put a Phase 2 key life.
I also notice that when these connection problems are happening I get these entries in the SonicWALL log:
10/08/2007 09:40:55.208 IKE Responder: Received Quick Mode Request (Phase 2)
10/08/2007 09:40:54.576 IPSec (ESP) packet dropped
10/08/2007 09:40:54.560 Received IPSEC SA delete request