• December 15, 2019, 09:37:03 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DSR-250N does not reconnect to DSR-1000N, status 'IPsec SA Established' ?!!  (Read 7154 times)

RHAD

  • Level 1 Member
  • *
  • Posts: 2

I have setup a central DSR-1000N that connects via IPsec to three remote DSR-250N and two remote DSR-1000N in a star structure.

Initially everything works fine. But after a few weeks two of the DSR-250N started getting troubles to reconnect to the DSR-1000N. The status on de 1000 is  'IPsec SA Not Established' but on the remote site (DSR-250) the status is 'IPsec SA Established', but that is evidently wrong, because I cannot ping from the central location to the LAN of the remote site.

After rebooting the connection comes up, but fails after an hour or so. After rebooting the remote 250, the connection is established again, but fails after an hour or so.

The 250's are all configured the same. Firmware for 1000n's: 1.08B51_WW and on the 250n's: 1.05B73_WW. I've enabled dead pear detection and set NAT keep alive to 20

The other 3 sites (DSR-250 / 1000N) are working fine.

Who has some good ideas to look at?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47991
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Link>Welcome!
  • What Hardware version is your routers? Look at sticker under router.
  • Link>What Firmware version is currently loaded on each? Found on routers web page under status. Are they all the same across each site per model number?
  • What region are you located?

I would check the ISP modem and ISP service and lines where the main host router is connected to to ensure the ISP modem is getting good signal and not dropping during this time frames. Confirm with the ISP that the service and signals are good. Have them physically check the lines and signal. If you have other sites wit the same HW and configurations and they are working and this one site isn't, I would presume there could be ISP service issues.

I would also check LAN cables as well.
« Last Edit: May 25, 2016, 07:56:13 AM by FurryNutz »
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

RHAD

  • Level 1 Member
  • *
  • Posts: 2

Thans FurryNutx for you quick response. It took some time to get all the information you were asking for, but here it is:

- Firmware for 1000n's: 1.08B51_WW and on the 250n's: 1.05B73_WW . These are the most recent version to my knowlegde
- Hardware version for all routers is A1
- Region: Europe (Netherlands)

ISP says line is fine. I've noticed some drop (< 1%) when pinging.

There are a few things why I think this is an Dlink issue:
- When I reset the remote router, the VPN comes up all the time. So if the line is too bad the VPN cannot come up, but it does
- the remote router does not see that the VPN is down even though dead pear detection is on (the central router seems correctly detecting that the VPN is down)
- the remote router does not initiate a VPN even though dead pear detection is on. It should detect that the VPN is down and initiate a response
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47991
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Ya you have the most recent FW. If your sure the configurations and cabling is good, I would recommend that you phone contact your regional D-Link support office and have them go over the configurations and make see if there could be something missing, if not, possible unit needs to be RMAd.

Keep us posted.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting