VPN set up over high latency link

Unanswered Question
Sep 16th, 2010
User Badges:

Hi,

I am having a hard time setting up an IPSEC tunnel over a high latency link (500+ ms). Any parameter I could play with on the ISAK/IPSEC sides to make this work ?

thank you

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Federico Coto F... Thu, 09/16/2010 - 07:40
User Badges:
  • Green, 3000 points or more

You have a high latency link and you want to set up a tunnel...

Is the tunnel not coming up or not working properly?


If for example it takes 500ms for a packet to get from side A to side B what is that you want to tweak in the ISAKMP/IPsec to fix this?

Wouldn't be better to try to fix the actual latency over the link?


Are you referring to QoS for the VPN traffic?


Federico.

joyride_us2 Thu, 09/16/2010 - 07:49
User Badges:

This is a satellite link..can't quite fix it!

And it is not about QoS but IPSEC fine tuning.

thank you for the reply!

Federico Coto F... Thu, 09/16/2010 - 07:55
User Badges:
  • Green, 3000 points or more

Depending on the platform, IPsec will be done (or can be done) in hardware.

Can chose the less-intensive protocols for IPsec (DES, MD5, D-H group1, etc) but those are the less secure also.


Have you tried setting up the tunnel and see if it works fine already?


Federico.

joyride_us2 Thu, 09/16/2010 - 11:08
User Badges:

yes it works otherwise..the ISAK goes to MM_ACTIVE and then right back to MSG_WAIT...

Actions

This Discussion