VPN Connectivity to NS25 Unstable (inc error logs)

[Acoustech]

We use the Netscreen 8.7 remote VPN client. It seems very unstable right now for all of our users. Netscreen tech support claim it's normal.

1. Here is the message on firewall:

info VPN monitoring for VPN Global Users Tunnel has deactivated the SA with ID 0x0000809b

2. Here is message detail from Netscreen error description:

VPN monitoring for VPN <name_str> has deactivated the SA with ID <number>.

Phase 2 SA for tunnel ID <id_num> has been idle too long. Deactivated P2 SA and sent a Delete msg to peer.



3. Here is what client is doing after getting notification from Firewall:

Deleting IPSec SA (OUTBOUND SPI = C2B8CB8F INBOUND SPI = A07DFEDF)

 

[MaxPipeline]

Do you have VPN monitoring enabled on the firewall? It appears that you do. VPN monitoring is really meant for site-to-site VPNs between two Netscreen devices. It is not recommended for dial-up VPNs. Try disabling VPN monitoring and that should stabilize your VPNs.

 

[Packet7]

Hi,

I agree with Max. The VPN Monitor might be downing the tunnel. If that doesn't work, try and paste the info found in the Netscreen Remote log and I will have a look.

Rgds,

John

 

[Acoustech]

Thank you both. We will try this and let you know how it goes. Your help is much appreciated!