Hello,<br><br>A partner company is using ISA Server 2006. I have set up an IPSEC tunnel between our sites. In order to do this, I had to establish three tunnels:<br><br>1. A tunnel between the public IP addresses<br>2. A tunnel between my private subnet and their public IP address<br>
3. A tunnel between my public IP address and their private subnet<br><br>The tunnel is working fine most of the time. The problem is that when the remote ISA Server is restarted, OpenSwan does not renegotiate the Phase 1 (IKE) key. Instead, it attempts to reuse the key it obtained before the remote computer was restarted. Consequently, once the remote computer is restarted, OpenSwan cannot bring the tunnel back online. I might note that the ISA Server is able to reestablish its end of the tunnel. My question is, how can I get OpenSwan to bring its end of the tunnel back online when the remote ISA Server is restarted? Assuming my static IP is 1.1.1.1 and their static IP is 2.2.2.2, my VPN config is as follows:<br>
<br>config setup<br> # just use defaults<br><br># Add connections here.<br>conn isa<br> type=tunnel<br> authby=secret<br> ike=3des-sha1-modp1024<br> ikelifetime=8h<br> esp=3des-sha1<br> keylife=1h<br>
keyingtries=%forever<br> pfs=yes<br> pfsgroup=modp1024<br> dpdaction=restart<br> left=1.1.1.1<br> right=2.2.2.2<br> auto=start<br><br>conn isa1<br> leftsubnet=1.1.1.1/32<br>
rightsubnet=192.168.52.0/24<br> also=isa<br><br>conn isa2<br> leftsubnet=192.168.50.0/24<br> rightsubnet=2.2.2.2/32<br>
also=isa<br><br>Best Regards,<br><br>Brandon Rock