VPN - Re: 3-site VPN implementation w/Terminal Server - Netopia update

This is Interesting: Free IT Magazines  
Home > Archive > VPN > September 2005 > Re: 3-site VPN implementation w/Terminal Server - Netopia update





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: 3-site VPN implementation w/Terminal Server - Netopia update
Mike Drechsler - SPAM PROTECTED EMAIL

2005-09-26, 5:53 pm

Vince wrote:
> Mike,
>=20
> Thanks for the reply. All routers ahve the same settings for the
> Advanced IPSec Options:
> Advanced IPsec Options
>=20
> SA Lifetime seconds: 28800
> SA Lifetime Kbytes: 0
> Perfect Forward Secrecy: Yes
> Dead Peer Detection: No
> Maximum Packet Size: 1500
>=20
> These are the defaults, I did not alter them at all during setup.
> Should I alter them, or toggle Dead Peer Detection and have it ping the=

> remote router LAN IP's?
>=20
> (From Firmware 8.5 user guide -
> Note:
> =B7 ICMP Dead Peer Detection is not available when using manual
> re-keying.
> =B7 ICMP Dead Peer Detection does not initiate a series of phase 2
> exchanges instead initiates a new phase 1 negotiation, followed by a
> new phase 2 negotiation
> has been re-established.
> =B7 If you are using Multiple Network IPsec, the IP address of the
> ICMP Dead Peer
> constrained to the set of network ranges defined for the IPsec profile.=
)
>=20

That should be fine.

You can change it to 0 if you like, but it won't make any difference.

I suspect that something in your configuration is not correct.
If you want a quick way of dumping the configuration you can go into the =

main menu and hit CTRL+N to drop into command line mode.

type:
"show config cp"
will dump out all the connection profile settings
Type:
"show config ike"
will dump out all the phase 1 ike details

If you want to be more specific you can just dump a single entry by typin=
g
"show config cp 2"
"show config ike phase1 2"
Will dump entry number 2 for the connection profiles and IKE settings=20
respectively.

typing CTRL+N returns you to menu mode or you can type exit to drop the=20
telnet connection or reset to restart the device. Some other useful=20
commands are "show ip route" to show the routing table. "ping=20
192.168.1.1" is a quick way to run a ping test.


--=20
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com