Updated on 2024-07-23 GMT+08:00

How Can I Prevent VPN Disconnections?

VPN connections are renegotiated when the IPsec SA lifetime is about to expire or the data transmitted through a VPN connection exceeds 20 GB. Usually, renegotiation does not interrupt VPN connections.

Most disconnections are caused by incorrect configurations at the two ends of the VPN connection or renegotiation failures due to Internet exceptions.

Common causes of disconnections are as follows:

  • ACLs at both ends of the VPN connection do not match.
  • SA lifetime settings at both ends of the VPN connection are different.
  • Dead Peer Detection (DPD) is not configured on the device in your on-premises data center.
  • Configuration is modified when the VPN connection is in use.
  • Jitter occurs on the carrier's network.

As such, ensure that the following VPN configurations are correct to keep VPN connections alive:

  • At the two ends of the VPN connection, the local and customer subnet configurations are reversed.
  • SA lifetime settings at both ends of the VPN connection are the same.
  • DPD is enabled on the on-premises gateway device, and the number of detection times is 3 or more.
  • Parameters are modified at both ends of the VPN connection during the use of the VPN connection.
  • Set TCP MAX-MSS to 1300 for the on-premises gateway device.
  • The bandwidth of the on-premises gateway device is large enough for the VPN connection.
  • VPN connection negotiation can be triggered by both ends and active negotiation has been enabled on the on-premises gateway device.