Help Understanding IPsec ALG

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-11-04 14:02:39
Model: TL-R600VPN
Hardware Version: V4
Firmware Version: 4.0.4 Build 20200313 Rel.41831

Hello - Can someone help me understand the IPsec ALG option and how it is used?

I have issues with two TL-R600VPN LAN-to-LAN VPN sites. See:

https://community.tp-link.com/en/business/forum/topic/262046

The sites recently lost their VPN connection again and Site A, the initiator, thinks the connection is restored (Phase 1 of IKE negotiation succeeded, Phase 2 of IKE negotiation succeeded, Set up IPsec connection successfully, Enable DPD successfully), but the remote site only confirms that Phase 1 of IKE negotiation succeeded. After a bit, Site A logs that the IPsec connection was disconnected passively, and the connection attempt starts all over again.

This morning, I unselected the IPsec ALG option and the next full attempt to connect the VPN was successful. Since my connection 'dance' issue doesn't happen all the time, I am not yet sure if this ALG change was just a coincidence or the saving factor.

How could the IPsec ALG affect this issue, and what is the possible security downside to leaving this ALG unselected while I let time reveal more to me?

Thanks.

#1
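The one-sided sequence described above (the initiator reports Phase 2, SA set-up and DPD while the responder only reports Phase 1, then a passive disconnect) is the kind of pattern worth flagging automatically once syslog from both routers is collected in one place. This is an added example, not code from the post or from TP-Link; the log line layout, the site names and the timestamps are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the messages quoted in the post.
# The "<date> <time> <site> <message>" layout is an assumption, not the
# router's real syslog format.
SAMPLE_LOG = """\
2021-11-04 13:50:01 siteA Phase 1 of IKE negotiation succeeded
2021-11-04 13:50:02 siteA Phase 2 of IKE negotiation succeeded
2021-11-04 13:50:02 siteA Set up IPsec connection successfully
2021-11-04 13:50:03 siteA Enable DPD successfully
2021-11-04 13:50:01 siteB Phase 1 of IKE negotiation succeeded
2021-11-04 13:51:40 siteA IPsec connection was disconnected passively
"""

# Bring-up milestones in the order the post lists them.
MILESTONES = [
    "Phase 1 of IKE negotiation succeeded",
    "Phase 2 of IKE negotiation succeeded",
    "Set up IPsec connection successfully",
    "Enable DPD successfully",
]
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<site>\S+) (?P<msg>.+)$")


def parse_log(text):
    """Group messages per site, preserving their order of appearance."""
    per_site = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            per_site[m.group("site")].append(m.group("msg"))
    return per_site


def furthest_milestone(messages):
    """Index of the last bring-up milestone a site reported (-1 if none)."""
    return max((MILESTONES.index(m) for m in messages if m in MILESTONES), default=-1)


def check_attempt(text, initiator, responder):
    """Flag the asymmetry from the post: initiator past Phase 2, responder stuck at Phase 1."""
    per_site = parse_log(text)
    init_idx = furthest_milestone(per_site[initiator])
    resp_idx = furthest_milestone(per_site[responder])
    passive_drop = any("disconnected passively" in m for m in per_site[initiator])
    return {
        "initiator_stage": init_idx,
        "responder_stage": resp_idx,
        "one_sided_phase2": init_idx >= 1 and resp_idx < 1,
        "passive_drop_after_setup": passive_drop and init_idx >= 2,
    }


if __name__ == "__main__":
    print(check_attempt(SAMPLE_LOG, "siteA", "siteB"))
```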
Re:Help Understanding IPsec ALG
2021-11-05 07:16:25

@urbnsr In theory, this has nothing to do with ALG. You can try to continuously ping the WAN IP of site C on site A to see what the result is. In addition, can you provide information about your network topology and configuration, as well as logs? It's hard to tell where the problem is just from your description.

#2
Re:Help Understanding IPsec ALG
2021-11-05 09:38:50

@Yannie Thank you.

Too bad. The log files don't tell much more than what I pasted above. The network config is in the link to my previous post: https://community.tp-link.com/en/business/forum/topic/262046

I will enable IPsec ALG again and see what happens the next time this occurs. It doesn't happen often enough to continually mirror the WAN port to gather more info. It would be nice if there was a debug option that would internally log the WAN port, similar to mirroring the port.

Thanks for the reply.

#3