0 votes
1,353 views 0 comments
by

Hi,

We have a RUT240 with an IPsec config up and running. But how can we stop it from re-establishing the tunnel if it's actively dropped from the other side?

After a reboot the tunnel is (as expected) down. We initiate an inbound connection to the RUT240, the tunnel gets up, and after 900s (short-hold timer) without traffic the other gateway disconnects the tunnel. The RUT240 re-establishes the tunnel every time it's disconnected from the other side.
There is no keep-alive option to disable as written in the Wiki.

  • FW ver.: RUT2XX_R_00.01.10
  • IKEv1 aggressive mode, on startup "Route"

2 Answers

0 votes
by

Hello,

Have you enabled the "Dead Peer Detection" option on your RUT240?

If yes, then you can try modifying the "Delay" and "Timeout" values or simply disabling "Dead Peer Detection".

0 votes
by

In the IPsec negotiation proposals, do the keys match for lifetime association and for any idle and session timeout? Also, the IPsec session may disconnect since it relies on interesting traffic. Without traffic going down the tunnel, it will close until some attempt to.

Grab the settings off both (when you can) and review them; ensure the lifetimes of the connections are the same.

One test I would suggest: keep a continuous going from one side to another device on the other side; this should maintain the tunnel. And obviously, it plays a role which VPN you use. So make sure to read a VPN comparison from vpnwelt or any other trustful resource - depending on your preferences and needs.