USG 310/IPSec Error Packet(UDP) cannot be sent. reason: Network congestion

WiSy
WiSy Posts: 5
First Anniversary Friend Collector First Comment
edited April 2021 in Security

Hello,

due to the current Homeoffice situation my company is running a lot more VPN Connections then usual.

Usually we are running about 6 or 7 IPSec IKE/IKev2 Site2Site Connections and about 5-10 IKEv2 Client2Site.

Now we have round about 20 additional Client2Site Connections and everything was running fine for 2 weeks until yesterday.

Suddenly some VPNs (S2S and C2S) disconnected and were unable to reconnect until we rebooted the firewall.

I noticed these Error in the Logs:

Any Ideas/suggestions?

Accepted Solution

All Replies

  • WiSy
    WiSy Posts: 5
    First Anniversary Friend Collector First Comment

    Hi @Zyxel_Jerry

    I disabled BWM but issue still persists.

    All IKE Site2Site get randomly dropped at the same time an are unable to reconnect until I reboot the Device.

    IKEv2 Connections still working.

    I noticed this entry in the log


    Tunnel [IKE_NRW_Gateway:WISY-NRW:0x2c0aee2a] built successfully

    41  2020-04-08 11:06:27 x.x.49.237:4500    x.x.184.39:4500


    x.x.49.237 is the wrong IP for that Gateway, something is getting mixed up there.

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @WiSy

    Can you collect diagnose info and IKE log when the log displayed “network congestion and send it to us via private message?

    Here is the step to collect diagnose info.

    Go to Maintainance > Diagnostics > Diagnostics > Collect > Click Collect now

    After 5~10 minutes 

    Go to > Maintenance Diagnostics > Diagnostics > Files > Select the diaginfo > Click Download

    Here is the step to collect IKE log

    Go to Monitor > Log > View Log > select IKE category

    Can you also provide remote access to the device via private message?

Security Highlight