Mike Drechsler - SPAM PROTECTED EMAIL 2005-10-12, 5:59 pm
| Vince wrote:
> Sorry, the last tunnel should be:
> Site B <==Tunnel B-C==> Site C
> Router B config for "Tunnel B-C" IKE Profile: "B-C", password: "b2c")
> Router C config for "Tunnel B-C" IKE Profile: "B-C", password: "b2c")
>
> Could there be an issue with the way I am "nailing" the tunnels?
> Should only one side have a "dead peer detection" and/or 24-hour
> scheduled connection and/or 0-value timeout for the tunnel?

Dead peer detection is a bit hit or miss. I start with it disabled and
then add it in if the connection seems unstable. It only helps if the
underlying network has problems though. (ADSL link that goes offline,
occasional packet loss, that kind of thing). If you see constant dead
peer detected messages in the logs you may try turning it off. If the
connection is stable with it disabled then either the dead peer
detection settings were wrong or something wasn't responding to
keepalive messages as expected.

Scheduled connections do nothing for IPSec. This is for PPP style
connections.

Setting the idle to 0 is the correct way to indicate the tunnel should
stay "nailed" up at all times regardless of traffic.

So are your tunnels still renegotiating every few seconds? Have you had
any luck isolating the problem? At last mention you said that both
tunnels from one site were working properly but the connection between
two other sites was still not working. Have you deleted the tunnels
between those two problem sites and tried creating all new settings?
Have you tried calling Netopia to have them look at the problem?

--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)