Posted by Mike on July 27, 2006, 10:18 am
Hi
I have teleworkers that dial into our 837 vpdn server using the XP
L2TP/IPSec client.
Using the version of IOS I have, IPSec seems to prefer to rekey from the
vpdn server side.
This causes problems with firewalls, NAT, etc.
The connection drops and needs to be re-established.
The XP L2TP/IPSec client is hardwired to SA lifetime of 3600 secs (1
hr) so I can't increase that. I can't change IPSec SA lifetime on the Cisco
end as IPSec SA lifetime will always negotiate to the lowest value
between the 2 peers.
Is there any way I can tell the vpdn server to leave rekey to the client
(like rekey=no for Openswan)? If rekey initiates from the client I
have no problems.
I can upgrade IOS if needed.
PS I have googled and Cisco tech support until late into the night.
Hope I haven't missed the obvious.
Mike
using
Windows XP sp2 L2TP/IPSec with NAT-T update and all latest updates.
Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.3(8)T3