IKEv2 muvpn drops on cluster member reboot

I am wondering if I'm missing a setting somewhere. We have a lot of users on IKEv2, and a few on IPsec (using shrew client) MUVPN. Whenever I upgrade the firewall, all of them are disconnected. The people on SSL MUVPN do not get dropped.

I had to move one of the firewalls to another circuit and the same thing happened.

The only thing different between the users is the SSL users use an LDAP server, the other users use the firewall database.

Comments

  • edited February 2022

    On the SSLVPN client, there is a checkbox for "Automatically reconnect" which is selected by default, so I believe that this is the reason that the SSLVPN users seem to continue to be connected whereas the others don't.

  • edited February 2022

    @Alanon2 said:
    I am wondering if I'm missing a setting somewhere. We have a lot of users on IKEv2, and a few on IPsec (using shrew client) MUVPN. Whenever I upgrade the firewall, all of them are disconnected. The people on SSL MUVPN do not get dropped.

    I had to move one of the firewalls to another circuit and the same thing happened.

    The only thing different between the users is the SSL users use an LDAP server, the other users use the firewall database.

    The same happens with BOVPN connections during a failover. All IKE connections are rekeyed.

    There is some IKE/IPsec synchronization (Message ID synchronization, IPsec Replay Counter??) between the members, but I do not know exactly what is synced or if rekeying in fact is to be expected.

    /robert

  • Looking at the support log file, it seems as if all data related to IKE/IPsec is synced between members except for phase 1 SAs.

    But I can very well be wrong here??
