Hello,
we have problems with our TRB140, of which we have over 100 units in use.
Over time, 3 different firmware versions are in use. All TRBs set up an IPSEC Site2Site VPN to the HQ by LTE and connect to one and the same PaloAlto firewall (PA-820), where they are all subject to the same set of rules.
The following versions are used:
00.01.05
02.06.1
07.01.2
All routers, regardless of fw, have the following settings
Due to the changing IP of the LTE connection, only the TRB can initiate the tunnel setup - so we are using AGGRESSIVE Mode.
And now the problems :-)
The data behind the TRB are retrieved from the HQ in a PULL process, which rolls over each location.
If a TRB is operated with fw 02.06.1 or higher and no data is requested for a certain period, the tunnel is cleared down. With a bit of luck, the TRB will rebuild it after the lifetime has expired - as a fallback, all routers restart at 11:00 pm.
We were not able to test the stability under IKEv2 because of the problems from above.
As a workaround, we ping all TRBs every 5 minutes - but this consumes unnecessary traffic which we absolutely must avoid.
Does anyone have any ideas on how we can troubleshoot further?