DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2960 VPN is up but cannot print until reboot
- chatty
- Topic Author
- Offline
- Banned
Less
More
- Posts: 3
- Thank you received: 0
24 Nov 2014 14:17 #81906
by chatty
2960 VPN is up but cannot print until reboot was created by chatty
HI All
I've invested in a coupleof 2960's mainly for their highrer throughput on the IPSEC LAN-LAN side. I'm having an issue with both routers at different sites in that after a day or so even though the VPN tunnel is up and running as users are logging in remotely the users cannot print through the tunnel and I cannot access anything on the network through the tunnel. I can ping the router's gaeway IP OK. This is resolved when I drop the tunnel and bring it up again and i am having to do this every day or so. I have not changed any of the key life times so this is standard or chnaged any other default setting.
I previously used the 2830's with no issues at all so am finding this quite frustrating. I am using 3DES and SHA/MD5.
Any help appreciated.
Thanks
I've invested in a coupleof 2960's mainly for their highrer throughput on the IPSEC LAN-LAN side. I'm having an issue with both routers at different sites in that after a day or so even though the VPN tunnel is up and running as users are logging in remotely the users cannot print through the tunnel and I cannot access anything on the network through the tunnel. I can ping the router's gaeway IP OK. This is resolved when I drop the tunnel and bring it up again and i am having to do this every day or so. I have not changed any of the key life times so this is standard or chnaged any other default setting.
I previously used the 2830's with no issues at all so am finding this quite frustrating. I am using 3DES and SHA/MD5.
Any help appreciated.
Thanks
Please Log in or Create an account to join the conversation.
- takeo_ischi
- Offline
- Junior Member
Less
More
- Posts: 93
- Thank you received: 0
24 Nov 2014 18:38 #81908
by takeo_ischi
I'm sorry this won't be of help, but in case anyone else finds this, 3DES and MD5 hashing are both insecure and shouldn't really be used.
Replied by takeo_ischi on topic Re: 2960 VPN is up but cannot print until reboot
HI Allchatty wrote:
I've invested in a coupleof 2960's mainly for their highrer throughput on the IPSEC LAN-LAN side. I'm having an issue with both routers at different sites in that after a day or so even though the VPN tunnel is up and running as users are logging in remotely the users cannot print through the tunnel and I cannot access anything on the network through the tunnel. I can ping the router's gaeway IP OK. This is resolved when I drop the tunnel and bring it up again and i am having to do this every day or so. I have not changed any of the key life times so this is standard or chnaged any other default setting.
I previously used the 2830's with no issues at all so am finding this quite frustrating. I am using 3DES and SHA/MD5.
Any help appreciated.
Thanks
I'm sorry this won't be of help, but in case anyone else finds this, 3DES and MD5 hashing are both insecure and shouldn't really be used.
Please Log in or Create an account to join the conversation.
- chatty
- Topic Author
- Offline
- Banned
Less
More
- Posts: 3
- Thank you received: 0
24 Nov 2014 18:50 #81910
by chatty
Replied by chatty on topic Re: 2960 VPN is up but cannot print until reboot
What should be used?
Please Log in or Create an account to join the conversation.
- takeo_ischi
- Offline
- Junior Member
Less
More
- Posts: 93
- Thank you received: 0
24 Nov 2014 20:53 #81913
by takeo_ischi
AES/Twofish and the highest SHA you can (unfortunately, on the 28xx family I believe the highest is SHA-1, which is somewhat vulnerable already )
I presume that when the link goes down, computers on either side can't ping each other?
Also, always on/keep alive sometimes caused me problems. Perhaps you should try different combinations? What currently works for me is for the host (dial-in) router to have neither always on or enable ping enabled, and for the client (dial-out) router to have "always on" only checked.
Replied by takeo_ischi on topic Re: 2960 VPN is up but cannot print until reboot
What should be used?chatty wrote:
AES/Twofish and the highest SHA you can (unfortunately, on the 28xx family I believe the highest is SHA-1, which is somewhat vulnerable already
I presume that when the link goes down, computers on either side can't ping each other?
Also, always on/keep alive sometimes caused me problems. Perhaps you should try different combinations? What currently works for me is for the host (dial-in) router to have neither always on or enable ping enabled, and for the client (dial-out) router to have "always on" only checked.
Please Log in or Create an account to join the conversation.
- chatty
- Topic Author
- Offline
- Banned
Less
More
- Posts: 3
- Thank you received: 0
25 Nov 2014 09:42 #81917
by chatty
Replied by chatty on topic Re: 2960 VPN is up but cannot print until reboot
Hi
It's the 2960 I have and all other applications including email, logging into termainal services via the VPN is OK. The printers are on a print server and are mapped via GP to the user. The user can see the printer so these have been mapped but cannot print. Ping works to the gateway only, nothing beyond until I bring down/up th etunnel.
Thanks
Chatty
It's the 2960 I have and all other applications including email, logging into termainal services via the VPN is OK. The printers are on a print server and are mapped via GP to the user. The user can see the printer so these have been mapped but cannot print. Ping works to the gateway only, nothing beyond until I bring down/up th etunnel.
Thanks
Chatty
Please Log in or Create an account to join the conversation.
Moderators: Sami
Copyright © 2024 DrayTek