Greetings. So this is a weird one. At random times (perhaps once a month) the VPN at the hub location in a hub-and-spoke VPN will go down. The internet is up at the location, but the VPN tunnel itself does not pass any packets. This happens in multiple VPN modes (IPsec, manual mode, etc.). We attempt to bring the tunnel up and down on all ends and it still does not come up. The only way to fix it (with manual authentication) is to change a single digit in the SPI incoming and outgoing keys, and then the tunnel comes up and stays up for another month. This also happens with a VPN set up in tunnel mode to AWS. Packets just stop passing to the remote VPN endpoints (the VPN actually shows up and enabled). I do not understand why simply changing the SPI keys in manual auth mode solves the issue for a short time. The same thing happens with IPsec with a preshared secret. Oddly, there is nothing in the logs indicating any issues. This is a TZ470 with all the latest firmware.
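The symptom in the question (the firewall reports the tunnel as up, yet nothing crosses it) is exactly the case that a status-only monitor misses. As an added example, not code from this thread or from SonicWall, here is a small Python check that combines the reported tunnel status, per-tunnel packet counters and an in-tunnel probe result, and only raises an alert after several consecutive "up but black-holed" samples. It assumes a monitoring host that can collect those three inputs (via SNMP, the device API or a probe host behind the hub; that collection is not modelled here), and the sample series below is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Sample:
    """One poll of a single IPsec tunnel (all fields assumed to come from your own collector)."""
    status_up: bool   # what the firewall reports for the tunnel
    tx_packets: int   # cumulative packets sent into the tunnel
    rx_packets: int   # cumulative decrypted packets received from the peer
    probe_ok: bool    # did an ICMP/TCP probe sent through the tunnel get a reply

def classify(prev: Sample, cur: Sample) -> str:
    """Verdict for the interval between two consecutive polls."""
    if not cur.status_up:
        return "down"                 # the firewall itself already knows; nothing subtle here
    if cur.probe_ok:
        return "healthy"              # traffic crossed the tunnel in both directions
    tx_delta = cur.tx_packets - prev.tx_packets
    rx_delta = cur.rx_packets - prev.rx_packets
    if tx_delta > 0 and rx_delta == 0:
        # Reported up, we keep encrypting and sending, nothing ever comes back:
        # the "tunnel shows up but passes no packets" state from the question.
        return "black-hole"
    return "inconclusive"             # nothing sent, so the silence proves nothing

def find_black_hole(samples: List[Sample], consecutive: int = 3) -> Optional[int]:
    """Index of the poll at which `consecutive` black-hole verdicts in a row were
    reached, or None. The streak requirement avoids alerting on a single lost probe."""
    streak = 0
    for i in range(1, len(samples)):
        if classify(samples[i - 1], samples[i]) == "black-hole":
            streak += 1
            if streak >= consecutive:
                return i
        else:
            streak = 0
    return None

# Constructed poll series: three healthy intervals, then the rx counter freezes
# while tx keeps climbing and probes fail, with the status still reported as up.
SAMPLES = [
    Sample(True, 1000, 900, True),
    Sample(True, 1100, 990, True),
    Sample(True, 1200, 1080, True),
    Sample(True, 1300, 1080, False),  # black-hole 1
    Sample(True, 1400, 1080, False),  # black-hole 2
    Sample(True, 1500, 1080, False),  # black-hole 3 -> alert here (index 5)
    Sample(True, 1600, 1080, False),
]

# Constructed series with a single transient probe loss that recovers: no alert.
TRANSIENT = [
    Sample(True, 1000, 900, True),
    Sample(True, 1100, 900, False),
    Sample(True, 1200, 1000, True),
    Sample(True, 1300, 1100, True),
]

if __name__ == "__main__":
    idx = find_black_hole(SAMPLES)
    print("black-hole detected at poll", idx)          # 5
    print("transient series alert:", find_black_hole(TRANSIENT))  # None
```

Polling every minute with a three-sample streak means the alert fires about three minutes into the outage, which is early enough to capture the SA state and peer counters on both ends before anyone rebuilds the tunnel and destroys the evidence.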
Very bizarre. It seems like Spectrum just stops allowing packets to pass for some reason.
We have a bunch of these SonicWalls out there and have never seen this one.
Seen this before many times. I can’t explain exactly why without detail, but some things to look at. Keepalive needs to live on the spokes, not the hub. Minimize the logging level for VPN issues on the hub; I know it sounds backwards, but trust me. What you are seeing when you make changes to the tunnel and it comes up for a while is that you are pulling it apart and rebuilding it, which is different from starting and stopping. I’m guessing there are a few things slightly misconfigured that manifest over time. This will lead to excessive logging. Again, knowing next to nothing about your config, this is a starting point to get you stable.
We have a similar issue with Spectrum and Sophos; we too think it’s a Spectrum issue, as everything else checks out normally.
Review the Spectrum modem settings and also increase or decrease the Lifetime in the Proposals. In the modem settings there are many settings that come enabled by default, including passthroughs and some other security services. Make sure you have selected the correct Exchange as well (Main/Aggressive).
The only other thing that comes to mind is that Spectrum (just like Frontier FiOS) has updated their equipment in some areas. I had a situation that was similar, and when I contacted tech support, they let me know I was on an “older modem” and a new type was sent out with newer firmware. Once that happened, all was good.
Thanks for the response. I will triple-check all the settings to see if we missed anything. We have set many of these up and it is pretty straightforward. I much appreciate your input, and thank you.
We have about 40+ sites with SonicWall and Sophos using Spectrum and have never seen this issue. Very odd. No double NATing, etc. going on. Next step is to engage Spectrum, but this one is voodoo.
Thanks for the reply. We will triple-check all the settings on the VPN tunnels as well as the overall VPN settings in general.
I am suspecting the modem as well, since it is older. The typical settings on the modem, like disabling SIP ALG and enabling routed bridge mode, are in place.
Thanks again.
Sounds good. I worked for them in various roles on and off since 2007; I’ve seen all the things. I’ve given you some basic things to look at, but PM me if you’re still struggling after checking. I can provide more advice with more details from you.
You’re welcome, and keep us updated please.