On Sun, 11 Jul 2010 02:34:26 -0500 Matthew Grooms <[email protected]> wrote:
> > Your best bet is to always use matching lifetime values. > Hi Matthew, thanks for the detailed response. Matching the lifetimes has really helped stabilize one of my VPNs. However, for the other VPN, when Phase 1 expires, the VPN breaks. Based on info from Shrew and the gateway it looks like some form of re-authentication is occurring (Shrew seems to re-send PAP). This appears to cause the gateway to assign a new virtual adapter IP, but Shrew does not appear to realize this - at least, the virtual adapter IP on the client does not change and no reference to a new configuration appears in the Shrew iked trace. Is assigning a new IP normal/permitted? Or is this a sign that I haven't quite got the configs right between the client and gateway? For what it's worth, the client is only able to connect if it is set to 'ike config pull'. _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
