We help IT Professionals succeed at work.

Can VPN drop due to IPsec config?

hi peeps,

We've got some stores, all of which are using Draytek 2820 routers. They're on ADSL lines. We have them set up to connect by VPN to our Sonicwall NSA 3500 at our head office.

They work fine....at times. However, throughout the day they drop. I changed the Ipsec settings from (ESP) to (AH) in order to somehow reduce the security settings on Ipsec and it seems to have stabilised. My issue though is that when the VPNs drop, in order for me to revive the VPN once more, I have to go into the sonicwall setting and disable and renable the VPN.

Is there a way of automating a function to allow the VPN's to come back up without manual intervention? Is there a setting on here that you can see see which you would modify at all?

I've attached the Pdf files for screenshots of draytek router section and the sonicwall NSA 3500 section.

(I've removed our public facing IP addresses from here purely for security reasons)
Thanks guys

Watch Question

The problem could be caused by a DHCP renewal from the ISP (assuming that they are not static at the stores)
Have you tried to enable ping to the sonicwall on the Draytek, and check "Always On".
If that doesn't work, maybe try Agressive mode.

Hope this helps.


The routers all have public facing static IP addresses.

If I check 'Always On', it doesn't permit the Sonicwall to dial in. It automatically makes the draytek dial out instead. The strange thing is if I choose that option, for some reason it is unable to dial into our Sonicwall.

I wouldn't have thought I have to open any ports on the Sonicwall?

Explore More ContentExplore courses, solutions, and other research materials related to this topic.