IPSec tunnel between ASA and ZyWall disconnects after 45 minutes
I have an issue with stability of a VPN tunnel. I have created a fully functional site-2-site VPN between an ASA 5510 cluster running (8.3.1) and a Zyxel ZyWall 5 running 4.04 firmware.
The tunnel works fine for 45 minutes. At that time, the ASA starts with IKE rekeying. It seems that the ZyWall does not fully understand what the ASA is trying, and decides to drop the Phase1 and Phase2 tunnels. Then, as interesting traffic is offered from either side, the tunnel starts to build up from scratch. The whole process takes a few minutes.
This resembles some issues that CheckPoint has when connecting to an ASA firewall as described in this link.
I'm a bit lost on how to solve this issue (besides replacing the ZyWall with an ASA). Any help would be appreciated.