[Openswan Users] Openswan and Nortel Switch deleting ISAKMP

Paul Wouters paul at xelerance.com
Thu Aug 3 16:16:57 EDT 2006


On Tue, 1 Aug 2006, Peter McGill wrote:

> It would seem that the problem is bracketed by:
> Jul 27 16:21:44 sheridan pluto[1671]: "sunoco-172-26-net-to-london-office-net" #444: received Delete SA payload: deleting ISAKMP State #444
> Jul 27 16:21:44 sheridan pluto[1671]: packet from 199.212.129.226:500: received and ignored informational message
> ...and...
> Jul 27 17:10:11 sheridan pluto[1671]: "sunoco-172-26-net-to-london-office-net" #461: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x0013419d <0xb8629178 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}

I would expect auto=start to immediately restart the deleted connection...

> Has anyone else experienced this? How do I fix it?

Obviously, the other end should not delete the connection, so the fix
is on that end. As a workaround, try:

	ikelifetime=30m

This will cause Openswan to rekey the ISAKMP before the Nortel expires it
(at around an hour?)

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
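
The workaround above depends on how long the peer keeps an ISAKMP SA before sending the Delete payload. As an added example (not part of the original post and not Openswan code), this Python script measures that age from pluto's syslog lines and suggests an `ikelifetime` below it. The sample log, the host name `gw`, the connection name `office`, the "ISAKMP SA established" wording, the `year` parameter and the 50% safety margin are all assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample lines in pluto's syslog layout. Only the "received Delete SA
# payload" wording comes from the post; everything else is made up for the example.
SAMPLE_LOG = """\
Jul 27 15:21:40 gw pluto[1671]: "office" #444: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY}
Jul 27 15:21:41 gw pluto[1671]: "office" #445: STATE_QUICK_I2: sent QI2, IPsec SA established
Jul 27 16:21:44 gw pluto[1671]: "office" #444: received Delete SA payload: deleting ISAKMP State #444
Jul 27 17:10:10 gw pluto[1671]: "office" #460: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY}
Jul 27 18:10:15 gw pluto[1671]: "office" #460: received Delete SA payload: deleting ISAKMP State #460
"""

# timestamp, host, pluto[pid], "connection name", #state number, message
LINE = re.compile(r'^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: "([^"]+)" #(\d+): (.*)$')
DELETE = "received Delete SA payload: deleting ISAKMP State"

def peer_delete_ages(log_text, year=2006):
    """Return [(conn, state, age_seconds)] for ISAKMP SAs the peer deleted."""
    established, ages = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip unrelated or mail-wrapped lines
        stamp, conn, state, msg = m.groups()
        # syslog omits the year, so the caller supplies it (assumption)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        key = (conn, state)
        if "ISAKMP SA established" in msg:
            established[key] = when
        elif msg.startswith(DELETE) and key in established:
            age = when - established.pop(key)
            ages.append((conn, state, int(age.total_seconds())))
    return ages

def suggest_ikelifetime(ages, fraction=0.5):
    """Suggest an ikelifetime (minutes) as a fraction of the shortest peer-side age."""
    if not ages:
        return None  # no peer-initiated deletes seen, nothing to base a value on
    shortest = min(age for _, _, age in ages)
    return f"{max(1, int(shortest * fraction // 60))}m"

if __name__ == "__main__":
    observed = peer_delete_ages(SAMPLE_LOG)
    print(observed, suggest_ikelifetime(observed))
```

On the constructed sample the peer deletes each ISAKMP SA after roughly an hour, so the suggested value is `30m`.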

