I set the SA life parameter under "Authentication (Phase 1) > Proposal 1" to 537 seconds, and the SA life parameter under "Key Exchange (Phase II) > Proposal 1" to 600 seconds and I'm still encountering the same problem. However, I can at least now tell that the SA renewal for the Authentication Phase is taking 19-24 seconds. The Key Exchange Phase took one second at most but usually wasn't noticeable.
So this problem apparently has to do with the Authentication Phase. I'm using 3DES encryption, Diffie-Hellman Group 2, and hmac-sha1. Would changing any of these parameters possibly help? Graham, what Phase I parameters do you have for that Win98 computer that only has 3-4 second "hiccups"? Also, I'm using GNATBox Flash 3.2.2 and I'm having this problem on both Windows 98 and Win2K Pro (Only OS's I've tried the client on). Thanks, Brian -----Original Message----- From: Graham Jones [mailto:[EMAIL PROTECTED]] Sent: Monday, January 14, 2002 9:09 AM To: [EMAIL PROTECTED] Subject: RE: [gb-users] SA renewal causes Win2K Terminal Client disconnection What platform are you running the mobile VPN client on? With the firewall running version 3.2.1 and a Windows 98SE running the client, we found that the VPN connection "hiccups" for two or three seconds every ten minutes or so, but with a Windows NT4 machine running the client the "hiccup" lasts a minute or more - again occurring every 10 minutes or so. In the latter case a terminal services session will die and have to be restarted. With Firewall version 3.2.0 both client platforms suffered the more extensive hiccup. There is a recommendation to have different values for the SA life parameter in the authentication and key exchange proposals - e.g. 123 and 300 seconds. If you ping -t <target ip behind firewall> from a DOS window you can see the delays. Regards, � -- Graham Jones Linnet Solutions Ltd. [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 01953 717605 or 077 74 894200
