[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1633
  • Last Modified:

Thin client and VPN connection issues

We have a SonicWALL PRO 230 at our main office and a little Linksys RVS4000 4-Port Gigabit Security Router with VPN at our branch office (one user)

I have set up constant VPN between those gateway/firewalls and it works most of the time.
I used GroupVPN category IKE using Preshared Secret.
Phase 1 DH Group is Group 2 ( or 1024-bit )

Phase 1/2 Encryption/Authentication  is all the same as on remote side
SA Life is 28800 seconds

On the remote side (The Linksys) we have:
IKE with preshared key,
Phase 1 key life 28800 seconds
Phase 2 key life 3600 seconds

All of the encryption authentication settings are the same but now here is the problem:
There exists a VoIP phone on the other end as well as a thin client. Both of which are connected to
the main office servers. The user on the remote side notices that his thin client session
TIMES OUT ( or disconnects ) every hour. This only happens when the thin client is in idle and the user is not using the thin client pc. I know the 3600 seconds is an hour but I do not understand why this is a problem. Since it is a constant VPN shouldn't it stay alive forever? I do not see a place on our
SonicWALL to put a Phase 2 key life.

I also notice that when these connection problems are happening I get these entries in the SonicWALL log:
10/08/2007 09:40:55.208 IKE Responder: Received Quick Mode Request (Phase 2)
10/08/2007 09:40:54.576 IPSec (ESP) packet dropped
10/08/2007 09:40:54.560 Received IPSEC SA delete request

Any help would be greatly appreciated!
  • 2
1 Solution
I'm guessing the Pro 230 is a pretty old model.. so I'm not sure what version of the firmware it's running, and whether it's even the same OS as the current models, so it's a bit hard to answer your questions. I took our last 2nd generation unit out of service a couple of years ago, so I can't even look anywhere...
In the current generation of appliances it's pretty easy to specify the SA lifetime and Phase 1 & Phase 2 lifetimes... do you have a current firmware updates agreement? Can you download the latest firmware for onto your unit? (is it even compatible?) What OS / version are  you running?

jpwallenAuthor Commented:
Firmware version:
of regular SonicOS
We do not have a support agreement no can we get one
because it is end of lifed,
I'm sorry I can't help with this since I have no way of looking back that far ago!

All I can do is recommend that you use their Secure Upgrade programme to get a heavy discount on a current appliance and then your life will be much easier :-) (and a lot more secure...)

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now