Firebox IKEv2 connection getting closed after 20-30 minutes

I've successfully established a connection with a Firebox IKEv2 VPN. The peer system is an Ubuntu v22 environment running StrongSwan version U5.9.5/K5.19.0-1025-aws.
Problem: The logs indicate the connection is consistently being terminated by the Firebox after about 20-30 minutes.

Are there any common issues that would cause this? Suggestions or ideas would be appreciated. I'm not the admin of the Firebox system; I'm simply looking for possible solutions to pass along to him.

Log:
Notice the repeated pattern: 20 minutes of keep-alives from the peer (Ubuntu client), then a packet is received from the Firebox (33.44.55.123), then the log indicates "received DELETE", and then the connection is killed.

Sep  6 14:35:19 ip-172-31-89-153 ipsec[439194]: 16[IKE] <XYZ-IKEv2-VPN|1> sending keep alive to 33.44.55.123[4500]
Sep  6 14:35:39 ip-172-31-89-153 ipsec[439194]: 11[IKE] <XYZ-IKEv2-VPN|1> sending keep alive to 33.44.55.123[4500]
Sep  6 14:35:59 ip-172-31-89-153 ipsec[439194]: 07[IKE] <XYZ-IKEv2-VPN|1> sending keep alive to 33.44.55.123[4500]
Sep  6 14:36:19 ip-172-31-89-153 ipsec[439194]: 09[IKE] <XYZ-IKEv2-VPN|1> sending keep alive to 33.44.55.123[4500]
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[NET] <XYZ-IKEv2-VPN|1> received packet: from 33.44.55.123[4500] to 172.31.89.153[4500] (80 bytes)
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[ENC] <XYZ-IKEv2-VPN|1> parsed INFORMATIONAL request 0 [ D ]
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[IKE] <XYZ-IKEv2-VPN|1> received DELETE for IKE_SA XYZ-IKEv2-VPN[1]
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[IKE] <XYZ-IKEv2-VPN|1> deleting IKE_SA XYZ-IKEv2-VPN[1] between 172.31.89.153[GH_Remote]...33.44.55.123[O=WatchGuard, OU=Fireware, CN=ike2muvpn Server]
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[IKE] <XYZ-IKEv2-VPN|1> IKE_SA XYZ-IKEv2-VPN[1] state change: ESTABLISHED => DELETING
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[IKE] <XYZ-IKEv2-VPN|1> IKE_SA deleted
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[ENC] <XYZ-IKEv2-VPN|1> generating INFORMATIONAL response 0 [ ]
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[NET] <XYZ-IKEv2-VPN|1> sending packet: from 172.31.89.153[4500] to 33.44.55.123[4500] (80 bytes)
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[IKE] <XYZ-IKEv2-VPN|1> IKE_SA XYZ-IKEv2-VPN[1] state change: DELETING => DESTROYING
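
An added example, not part of the original post or of any WatchGuard or strongSwan tooling: a small Python parser for the log format shown above that reports, per IKE_SA, the keep-alive spacing and which address sent the packet that carried the DELETE. The name `summarize`, the placeholder year and the trimmed sample are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the lines from the log in the post above.
SAMPLE_LOG = """\
Sep  6 14:35:39 ip-172-31-89-153 ipsec[439194]: 11[IKE] <XYZ-IKEv2-VPN|1> sending keep alive to 33.44.55.123[4500]
Sep  6 14:35:59 ip-172-31-89-153 ipsec[439194]: 07[IKE] <XYZ-IKEv2-VPN|1> sending keep alive to 33.44.55.123[4500]
Sep  6 14:36:19 ip-172-31-89-153 ipsec[439194]: 09[IKE] <XYZ-IKEv2-VPN|1> sending keep alive to 33.44.55.123[4500]
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[NET] <XYZ-IKEv2-VPN|1> received packet: from 33.44.55.123[4500] to 172.31.89.153[4500] (80 bytes)
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[ENC] <XYZ-IKEv2-VPN|1> parsed INFORMATIONAL request 0 [ D ]
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[IKE] <XYZ-IKEv2-VPN|1> received DELETE for IKE_SA XYZ-IKEv2-VPN[1]
Sep  6 14:36:20 ip-172-31-89-153 ipsec[439194]: 08[IKE] <XYZ-IKEv2-VPN|1> IKE_SA XYZ-IKEv2-VPN[1] state change: ESTABLISHED => DELETING
"""

# syslog prefix, thread[subsystem], <connection|SA id>, message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ \S+: \d+\[(?P<sub>\w+)\] "
    r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)> (?P<msg>.*)$")
PKT_RE = re.compile(r"received packet: from (\S+?)\[\d+\]")

def summarize(log_text, year=2000):
    """Return {(conn, sa_id): summary} for every IKE_SA seen in the log.

    syslog timestamps carry no year, so `year` is an assumed placeholder.
    """
    sas = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-SA log line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s = sas.setdefault((m["conn"], int(m["sa"])), {
            "keepalives": [], "last_sender": None,
            "deleted_by": None, "deleted_at": None})
        msg = m["msg"]
        if msg.startswith("sending keep alive"):
            s["keepalives"].append(ts)
        elif (p := PKT_RE.match(msg)):
            s["last_sender"] = p.group(1)
        elif msg.startswith("received DELETE for IKE_SA"):
            # Heuristic: attribute the DELETE to the sender of the last packet.
            s["deleted_by"], s["deleted_at"] = s["last_sender"], ts
    for s in sas.values():
        ka = s.pop("keepalives")
        s["keepalive_gaps_s"] = [int((b - a).total_seconds()) for a, b in zip(ka, ka[1:])]
        s["last_keepalive_to_delete_s"] = (
            int((s["deleted_at"] - ka[-1]).total_seconds())
            if ka and s["deleted_at"] else None)
    return sas
```

A non-empty `deleted_by` means the SA ended on an explicit DELETE that arrived from that address, not on a local timeout, which is the detail worth passing to the gateway admin along with the timestamps.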

Comments

  • james.carson Moderator, WatchGuard Representative

    Check to see if there's anything that might be adding that into the connection. (We often see ISP devices with an "ESP ALG" enabled that will try to manage IKE connections.) It's also worth checking if the router at the remote location has anything set up to deny or control IKE/IPSec connections.

    -James Carson
    WatchGuard Customer Support