home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 1,775 of 2,348   
   Mike Drechsler - SPAM PROTECTED EMA to Vince   
   Re: 3-site VPN implementation w/Terminal   
   11 Oct 05 20:49:08   
   
   XPost: microsoft.public.windows.terminal_services   
   From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   Vince wrote:   
   > Sorry, the last tunnel should be:   
   > Site B  <==Tunnel B-C==> Site C   
   > Router B config for "Tunnel B-C":(IKE Profile: "B-C", password: "b2c")   
   > Router C config for "Tunnel B-C":(IKE Profile: "B-C", password: "b2c")   
   >   
   > Could there be an issue with the way I am "nailing" the tunnels?   
   > Should only on side have a "dead peer detection" and/or 24-hour   
   > scheduled connection and/or 0-value timeout for the tunnel?   
      
   Dead peer detection is a bit hit or miss.  I start with it disabled and   
   then add it in if the connection seems unstable.  It only helps if the   
   underlying network has problems though.  (ADSL link that goes offline,   
   occasional packetloss, that kind of thing).  If you see constant dead   
   peer detected messages in the logs you may try turning it off.  If the   
   connection is stable with it disabled then either the dead peer   
   detection settings were wrong or something wasn't responding to   
   keepalive messages as expected.   
      
   Scheduled connections do nothing for IPSec.  This is for PPP style   
   connections.   
      
   Setting the idle to 0 is the correct way to indicate the tunnel should   
   stay "nailed" up at all times regardless of traffic.   
      
      
   So are your tunnels still renegotiating every few seconds?  Have you had   
   any luck isolating the problem?  The last mention you said that both   
   tunnels from one site were working properly but the connection between   
   two other sites were still not working.  Have you deleted the tunnels   
   between those two problem sites and tried creating all new settings?   
   Have you tried calling Netopia to have them look at the problem?   
      
      
      
      
      
      
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca