Rekey failure between Windows XP L2TP/IPSec and Cisco vpdn

Discussion in 'Cisco' started by Mike, Jul 27, 2006.

  1. Mike

    Mike Guest

    Hi

    I have teleworkers that dial into our 837 vpdn server using the XP
    L2TP/IPSec client.


    Using the version of IOS I have, IPSec seems to prefer to rekey from the
    vpdn server side.
    This causes problems with firewalls, NAT, etc.
    The connection drops and needs to be re-established.


    The XP L2TP/IPSec client is hardwired to SA lifetime of 3600 secs (1
    hr) so I can't increase that. I can't change IPSec SA lifetime on the
    Cisco end as IPSec SA lifetime will always negotiate to the lowest value
    between the 2 peers.


    Is there any way I can tell the vpdn server to leave rekey to the client
    (like rekey=no for Openswan)? If re-key initiates from the client I
    have no problems.


    I can upgrade IOS if needed.


    PS I have googled and Cisco tech support until late into the night.
    Hope I haven't missed the obvious.


    Mike


    using


    Windows XP sp2 L2TP/IPSec with NAT-T update and all latest updates.
    Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.3(8)T3
    Mike, Jul 27, 2006