Thin client and VPN connection issues

Posted on 2007-10-08
Last Modified: 2009-01-28
We have a SonicWALL PRO 230 at our main office and a little Linksys RVS4000 4-Port Gigabit Security Router with VPN at our branch office (one user)

I have set up constant VPN between those gateway/firewalls and it works most of the time.
I used GroupVPN category IKE using Preshared Secret.
Phase 1 DH Group is Group 2 ( or 1024-bit )

Phase 1/2 Encryption/Authentication  is all the same as on remote side
SA Life is 28800 seconds

On the remote side (The Linksys) we have:
IKE with preshared key,
Phase 1 key life 28800 seconds
Phase 2 key life 3600 seconds

All of the encryption authentication settings are the same but now here is the problem:
There exists a VoIP phone on the other end as well as a thin client. Both of which are connected to
the main office servers. The user on the remote side notices that his thin client session
TIMES OUT ( or disconnects ) every hour. This only happens when the thin client is in idle and the user is not using the thin client pc. I know the 3600 seconds is an hour but I do not understand why this is a problem. Since it is a constant VPN shouldn't it stay alive forever? I do not see a place on our
SonicWALL to put a Phase 2 key life.

I also notice that when these connection problems are happening I get these entries in the SonicWALL log:
10/08/2007 09:40:55.208 IKE Responder: Received Quick Mode Request (Phase 2)
10/08/2007 09:40:54.576 IPSec (ESP) packet dropped
10/08/2007 09:40:54.560 Received IPSEC SA delete request

Any help would be greatly appreciated!
Question by:jpwallen
    LVL 10

    Expert Comment

    I'm guessing the Pro 230 is a pretty old model.. so I'm not sure what version of the firmware it's running, and whether it's even the same OS as the current models, so it's a bit hard to answer your questions. I took our last 2nd generation unit out of service a couple of years ago, so I can't even look anywhere...
    In the current generation of appliances it's pretty easy to specify the SA lifetime and Phase 1 & Phase 2 lifetimes... do you have a current firmware updates agreement? Can you download the latest firmware for onto your unit? (is it even compatible?) What OS / version are  you running?

    LVL 1

    Author Comment

    Firmware version:
    of regular SonicOS
    We do not have a support agreement no can we get one
    because it is end of lifed,
    LVL 10

    Accepted Solution

    I'm sorry I can't help with this since I have no way of looking back that far ago!

    All I can do is recommend that you use their Secure Upgrade programme to get a heavy discount on a current appliance and then your life will be much easier :-) (and a lot more secure...)

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Please see preceding article here: Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
    Let’s list some of the technologies that enable smooth teleworking. 
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now