Troubleshoot VPN tunnel inactivity or instability issues (2024)

I'm observing inactivity, instability, or intermittent connectivity issues with the AWS Virtual Private Network (VPN) tunnels on my customer gateway device.

Resolution

Common reasons for AWS VPN tunnel inactivity or instability on a customer gateway device include the following:

Check DPD settings

If a VPN peer doesn't respond to three successive DPDs, then the peer is considered dead, and the tunnel is closed.

If your customer gateway device has DPD turned on, then be sure that the following are true:

  • It's configured to receive and respond to DPD messages
  • It isn't too busy to respond to DPD messages from AWS peers
  • It isn't rate limiting DPD messages because IPS features are turned on in the firewall
  • It doesn't have internet transit issues

Troubleshoot idle timeouts

If you're experiencing idle timeouts that are caused by low traffic on a VPN tunnel, then check the following:

  • Confirm that there's constant bidirectional traffic between your local network and your virtual private cloud (VPC). If necessary, create a host that sends ICMP requests to an instance in your virtual private cloud (VPC) every 5 seconds.
  • Review your VPN device's idle timeout settings using information from your device's vendor. If there's no traffic through a VPN tunnel for the duration of your vendor-specific VPN idle time, then the IPsec session ends. Check your vendor documentation for your specific device.

Troubleshoot rekey issues for phase 1 or phase 2

If you're experiencing rekey issues that are caused by phase 1 or phase 2 mismatch on a VPN tunnel, then check the following:

  • Review the phase 1 or phase 2 lifetime fields on the customer gateway. Make sure that these fields match the AWS parameters. It's a best practice to uncheck parameters in the VPN tunnel options that aren't needed with the customer gateway for the VPN connection.
  • Make sure that perfect forward secrecy (PFS) is activated on the customer gateway device. PFS is activated on the peer on the AWS side, by default.
  • Make sure that inbound traffic to UDP ports 500 [IKE], 4500 [NAT-T], and IP 50 [ESP] on the customer gateway allow rekeys for the AWS endpoint.

Note: The IKEv2 lifetime value field is independent of peers. So, if you set a lower lifetime value, then the peer always initiates the rekey.

For more information, see Tunnel options for your Site-to-Site VPN connection and Your customer gateway device.

Troubleshoot intermittent connectivity issues

Intermittent connectivity issues might be caused by the policy based configuration on your customer gateway device. You might also experience intermittent connectivity issues because you're using multiple encryption domains or proxy-IDs.

  • Limit the number of encryption domains (networks) that have access to your VPC. If you have more than one encryption domain behind your VPN's customer gateway, then configure them to use a single security association. To check if multiple security associations exist for your customer gateway, see Troubleshooting your customer gateway device.
  • Configure your customer gateway device to allow any network behind the customer gateway (0.0.0.0/0) with a destination of your VPC Classless Inter-Domain Routing (CIDR) to pass through the VPN tunnel. This configuration uses a single security association, which improves tunnel stability. This configuration also allows networks that aren't defined in the policy to access the VPC.

For more information, see How do I troubleshoot connection problems between an AWS VPN endpoint and a policy-based VPN?

Related information

The VPN tunnel between my customer gateway and my virtual private gateway is Up, but I am unable to pass traffic through it. What can I do?

Troubleshoot VPN tunnel inactivity or instability issues (2024)

FAQs

How do I reset my VPN tunnel? ›

In the portal, go to the virtual network gateway that you want to reset. On the Virtual network gateway page, in the left pane, scroll down to Reset. On the Reset page, select Reset.

What does it mean when VPN tunnels fail? ›

This could occur because one of the network devices (such as a firewall, NAT, or router) between your computer and the remote server is not configured to allow VPN connections. Contact your administrator or your service provider to determine which device is causing the problem.

How do I know if my VPN tunnel is working? ›

How do I check if a VPN is working? Visit websites such as WhatIsMyIP or IPLocation to see your original IP address. After connecting to a VPN, revisit the IP address checking website to recheck your IP address. The VPN works if the displayed IP address differs from your original IP address.

What is blocking my VPN connection? ›

VPNs typically get blocked due to government censorship, copyright concerns, streaming location restrictions, or school and workplace restrictions.

How do I check VPN connection? ›

To see if you're connected to the VPN while you're doing things on your PC, select the Network icon (either or ) on the far right of the taskbar, then see if the VPN connection says Connected.

How do you reset your VPN connection? ›

Reset the VPN connection: Disconnect from the VPN entirely and reconnect. Sometimes, simply reestablishing the connection can resolve server-related issues. Review security settings: Your firewall or antivirus software might be blocking the connection to the server.

How do I refresh my VPN IP address? ›

When connecting to a server, your connection is assigned an IP address automatically. But what if you wanted to use a different IP address? Without changing servers, you can refresh the IP address assigned to you by disconnecting and reconnecting to the same server.

What is the reason for VPN tunnel down? ›

Verify configuration, i.e., verify that the VPN Domain is valid and that the Rule Base and VPN Community are properly configured. (source and destination machines are in the VPN Domain.) Check for routing problems and confirm traffic between two Security Gateways.

How do I troubleshoot a remote VPN? ›

Go to Control Panel > Network and Internet > Network Connections, open the properties for your VPN Profile, and check to make sure the value in the General tab can publicly resolve through DNS. If not, the Remote Access server or VPN server being unable to resolve to an IP address is likely the cause of the issue.

When VPN connected no internet? ›

The likely causes for these issues include: Poor connectivity at the chosen VPN server location. Interference by internet service providers for certain VPN protocols. Interference from your antivirus or online security application's outgoing packet transmission.

Top Articles
‘Pay to Quit’ Jeff Bezos offered ₹4 lakh to Amazon employees to resign: Report
Quant (QNT) Price Prediction & Forecast 2024, 2025, 2026-2030 | Binance
Junk Cars For Sale Craigslist
Google Sites Classroom 6X
Boggle Brain Busters Bonus Answers
Hendersonville (Tennessee) – Travel guide at Wikivoyage
Gameplay Clarkston
Southland Goldendoodles
Ohiohealth Esource Employee Login
Gfs Rivergate
General Info for Parents
More Apt To Complain Crossword
Craigslist Alabama Montgomery
Tcgplayer Store
Buff Cookie Only Fans
Slope Tyrones Unblocked Games
St Maries Idaho Craigslist
Race Karts For Sale Near Me
How Long After Dayquil Can I Take Benadryl
Rs3 Ushabti
Regina Perrow
Hesburgh Library Catalog
Visit the UK as a Standard Visitor
Frank Vascellaro
Ewg Eucerin
Bridgestone Tire Dealer Near Me
The value of R in SI units is _____?
Kokomo Mugshots Busted
Pitco Foods San Leandro
Frostbite Blaster
Terrier Hockey Blog
Mcgiftcardmall.con
Froedtert Billing Phone Number
Citibank Branch Locations In Orlando Florida
Casamba Mobile Login
Three V Plymouth
Cocorahs South Dakota
Does Target Have Slime Lickers
Trending mods at Kenshi Nexus
26 Best & Fun Things to Do in Saginaw (MI)
Willkommen an der Uni Würzburg | WueStart
American Bully Puppies for Sale | Lancaster Puppies
Wisconsin Volleyball titt*es
Online College Scholarships | Strayer University
Ronnie Mcnu*t Uncensored
Suppress Spell Damage Poe
Guy Ritchie's The Covenant Showtimes Near Look Cinemas Redlands
Game Like Tales Of Androgyny
Appsanywhere Mst
Festival Gas Rewards Log In
Taterz Salad
login.microsoftonline.com Reviews | scam or legit check
Latest Posts
Article information

Author: Kelle Weber

Last Updated:

Views: 5917

Rating: 4.2 / 5 (73 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Kelle Weber

Birthday: 2000-08-05

Address: 6796 Juan Square, Markfort, MN 58988

Phone: +8215934114615

Job: Hospitality Director

Hobby: tabletop games, Foreign language learning, Leather crafting, Horseback riding, Swimming, Knapping, Handball

Introduction: My name is Kelle Weber, I am a magnificent, enchanting, fair, joyous, light, determined, joyous person who loves writing and wants to share my knowledge and understanding with you.