IPSec IKE Phase II Malfunction
From: Jason Vorbeck (jason_at_actsoft.com)
Date: 01/28/05
- Next message: Yasser Abbass: "Site to Site 2003 to 2000"
- Previous message: Costantino: "Re: ISA 2004 - Site to Site - HTTP Error 500"
- Next in thread: Clint Denham: "RE: IPSec IKE Phase II Malfunction"
- Reply: Clint Denham: "RE: IPSec IKE Phase II Malfunction"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 28 Jan 2005 12:18:42 -0500
I think I may have found a bug in the ISA 2004 site to site IPSec
configuration interface. If you build an IPSec tunnel, and in the IPSec
config Phase II screen you specify to generate a new key by time (key
expiration by time), it does not matter what time you specify; the system
builds the tunnel with 1024000 seconds. This can cause a big headache in
trying to determine why you can't successfully establish a tunnel to whatever
remote gateway you are trying to do it with, because in my case the Symantec
Velociraptor does correctly use the specified time expiration interval you
set. The tunnel will not successfully establish unless the IPSec parameters
match on both ends. Fortunately, if you turn off the time-based rekeying then
it does set the value at 0, so I was able to get the tunnel to establish by
turning off the expiration on both ends. You can see the value inserted into
the tunnel configuration by the interface by right-clicking the tunnel and
choosing IPSec policy summary from the dropdown menu. Has anyone seen this
behavior in their tunnel config? Can anyone reproduce this? Microsoft? I
would like to know if it is truly an error so I can watch for a patch,
because I would like to rekey the tunnel based on time over volume.
Thank you,
Jason Vorbeck