This is an issue I have been struggling with for a year. The config is as follows,
I have several users with thin clients at location X with one ethernet enabled printer. They are connecting to the main office at location Y via Citrix through IPSec VPN. The printer at location X is connected to a Windows print server at location Y. There is an IPSec VPN tunnel established between print server at location Y and printer at location X.
Cisco is at location Y, WatchGuard at location X. The tunnel timeout is set to 8,192KB. Printing works great until the key expiry is within 1,500KB of the timeout. At this point printing stops. The only thing that works is to manually reset the tunnel at the WatchGuard to some number other than8,192KB. When the tunnel approaches approx. 1,500KB (can be as low as 62KB or as high as 6,000KB) printing stops, manual reset, etc. etc. This occurs twice a day on average.
WatchGuard and Cisco are not being very coooperative in solving this issue. Is this simply a question of changing our key negotiation from data to time?
An ideas would be appreciated.