_Lid_
asked on
Sonicwall Firewall loses internet connection randomly
I am having problems with one of my remote offices losing their internet connection several times a day. They lose connectivity with our main office servers, and MSN Messenger and web access also go down. A "break" lasts for about 3 to 4 minutes. I have spoken to the ISP, who claims that they cannot see any breaks on the line and everything seems fine.
Both firewalls are TZ180s.
When the firewall is down I cannot reach it through the VPN connection, or through HTTPS via the internet. Hence I conclude that it is not only the VPN connection that is down, but the whole firewall.
On the remote firewall I have the following error message(s):
22 04/03/2009 08:59:13.483 IKE negotiation aborted due to timeout 193.213.xxx.2 193.213.xxx.196
23 04/03/2009 08:58:40.483 IKE Initiator: No response - remote party timeout 193.213.xxx.2, 500 193.213.xxx.196, 500
24 04/03/2009 08:58:23.483 IKE Initiator: No response - remote party timeout 193.213.xxx.2, 500 193.213.xxx.196, 500
25 04/03/2009 08:58:12.483 IKE Initiator: No response - remote party timeout 193.213.xxx.2, 500 193.213.xxx.196, 500
26 04/03/2009 08:58:06.633 IKE Initiator: Start Main Mode negotiation (Phase 1) 193.213.xxx.2, 500 193.213.xxx.196, 500
while on the main office firewall I get the following error messages:
04/03/2009 08:58:22.016 Info VPN IKE IKE Responder: Remote party timeout - Retransmitting IKE request. 193.213.xxx.196, 500 193.213.xxx.2, 500 VPN Policy: GS Bildeler Bergen
04/03/2009 08:58:12.704 Warning VPN IKE Received packet retransmission. Drop duplicate packet 193.213.xxx.2, 500 193.213.xxx.196, 500 VPN Policy: GS Bildeler Bergen
04/03/2009 08:58:12.016 Info VPN IKE IKE Responder: Remote party timeout - Retransmitting IKE request. 193.213.xxx.196, 500 193.213.xxx.2, 500 VPN Policy: GS Bildeler Bergen
04/03/2009 08:58:06.864 Info VPN IKE IKE Responder: Received Main Mode request (Phase 1) 193.213.xxx.2, 500 193.213.xxx.196, 500
I suspect these error messages relate only to VPN communication, but I cannot see any other error messages that give me any reason why the firewall loses internet connection.
This problem is starting to annoy me :), any help is deeply appreciated.
Yours sincerely
Stein Arvid Lid
Do you have a Linux machine available? If so, get and run something like SmokePing, or Nagios. This will keep a regular watch on the remote site via any accessible route (SmokePing pings, of course, but Nagios can be told to check for web server, POP server, etc., when you tell it what to expect).
You need to find out - is the *network* connection dying, is the router dying, or is the Sonicwall playing up?
If you can't watch it constantly, take some manual ping and traceroute readings when you know the line is up, then, next time it's down, run the same tests and compare results.
Do they reboot anything at the remote site to "fix" it or does it just come back by itself?
Whilst it's down, can you get them to look at the lights on the router, the firewall, etc? Is there anyone at the remote site who can be tasked to run some tests looking outwards when it's down, e.g. ping the firewall, ping the router, ping an internet server, ping YOUR firewall...
Break it down into simple steps, test each step, narrow down the affected step...
Nagios is the way to go. In addition to what ccomley has said, Nagios can do more than ping and check for responses on public ports; it does more complicated stuff like downloading a file and testing its contents - if it's what you expect then your web server and apps are in good shape, etc. Nagios will also email you on status change (both down and up), and there's a Nagios add-on for Firefox which constantly monitors and alerts you if the browser is open. Nagios will also keep a history.
Steve :)
Maybe you have a device on the internet between the two sites that is playing up.. (happens a lot)..
Do a traceroute from your site to the end customers.. print it out..
Next time the link goes down, do a ping test of about 100 pings to each IP in order from yours to the end site and see which one is playing up.. if none of them are and the VPN is still timing out, I'd be looking at a firmware upgrade on the Sonicwall .. then test again..
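The baseline-then-compare routine and the 100-ping hop walk suggested in the answers above can be scripted. This is an added example, not code from any poster in the thread. It assumes Linux `traceroute -n` and iputils `ping` output; the addresses are constructed documentation ranges and the 5% loss threshold is an arbitrary choice.

```python
import re
import subprocess

# Constructed baseline trace (documentation addresses, not the thread's IPs).
BASELINE_TRACE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1  0.512 ms  0.498 ms  0.470 ms
 2  198.51.100.1  8.110 ms  8.034 ms  7.981 ms
 3  * * *
 4  203.0.113.10  15.201 ms  15.190 ms  15.002 ms
"""

def parse_hops(trace_text):
    """Responding hop IPs, in path order, from `traceroute -n` output."""
    found = (re.match(r"\s*\d+\s+(\d+\.\d+\.\d+\.\d+)", l) for l in trace_text.splitlines())
    return [m.group(1) for m in found if m]

def loss_percent(ping_output):
    """Packet loss from the iputils ping summary line; no summary counts as 100%."""
    m = re.search(r"(\d+) packets transmitted, (\d+) (?:packets )?received", ping_output)
    if not m or int(m.group(1)) == 0:
        return 100.0
    sent, got = int(m.group(1)), int(m.group(2))
    return 100.0 * (sent - got) / sent

def ping_hop(ip, count=100):
    """Ping one hop `count` times (Linux iputils flags assumed)."""
    run = subprocess.run(["ping", "-n", "-c", str(count), ip],
                         capture_output=True, text=True)
    return loss_percent(run.stdout)

def first_bad_hop(losses, threshold=5.0):
    """losses: [(ip, loss%)] in path order. Return the nearest hop whose loss
    persists through every later hop, else None. Loss on a middle hop that
    later hops do not share is usually ICMP rate limiting, not the fault."""
    bad = None
    for ip, loss in reversed(losses):
        if loss <= threshold:
            break
        bad = ip
    return bad

if __name__ == "__main__":
    results = [(ip, ping_hop(ip)) for ip in parse_hops(BASELINE_TRACE)]
    for ip, loss in results:
        print(f"{ip:15s} {loss:5.1f}% loss")
    print("suspect hop:", first_bad_hop(results))
```

Capture the trace while the link is up, then run the walk during an outage. A suspect hop at the remote firewall's own WAN address points at the firewall or its access line rather than a transit device.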