I'm not 100% sure what kind of Cisco is on the other side; I configured
shrew
by importing the .pfc file. Here's a summary of the config options:
- general: hostname and port set, auto config set to "ike config pull"
- client: NAT traversal enabled, keep-alive packet rate 15 secs, ike
fragmentation disabled, all "other options" checked
- phase1: aggressive, group2, auto, key life time limit 86400 secs, 0
data lmit
- phase2: auto, auto, auto, compress disabled, key life time limit 3600
secs, 0 data limit
Symptom:
Sometimes all VPN traffic stops for a minute or so, then after that
things usually work again.
When looking at the "Network" tab of the established connection, it seem
to always show
the number of establish associations as (expired + 2). Then after a
while expired increases
by 1 and that's when things work again.
I'm not sure if it's related, but the shrew client also appears to take
a lot longer to enable the
initial tunnel than the cisco client ( +-30 seconds vs +-3 seconds)
Any idea what the problem is or what to do about it? It's a bit annoying
since the pause is usually long
enough to make my ssh sessions disconnect.
J.
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
