VPN set up over high latency link

joyride_us2 · ‎09-16-2010

Hi,

I am having a hard time setting up an IPSEC tunnel over a high latency link (500+ ms). Any parameter I could play with on the ISAK/IPSEC sides to make this work ?

thank you

Federico Coto Fajardo · ‎09-16-2010

You have a high latency link and you want to set up a tunnel...

Is the tunnel not coming up or not working properly?

If for example it takes 500ms for a packet to get from side A to side B what is that you want to tweak in the ISAKMP/IPsec to fix this?

Wouldn't be better to try to fix the actual latency over the link?

Are you referring to QoS for the VPN traffic?

Federico.

joyride_us2 · ‎09-16-2010

This is a satellite link..can't quite fix it!

And it is not about QoS but IPSEC fine tuning.

thank you for the reply!

Federico Coto Fajardo · ‎09-16-2010

Depending on the platform, IPsec will be done (or can be done) in hardware.

Can chose the less-intensive protocols for IPsec (DES, MD5, D-H group1, etc) but those are the less secure also.

Have you tried setting up the tunnel and see if it works fine already?

Federico.

joyride_us2 · ‎09-16-2010

yes it works otherwise..the ISAK goes to MM_ACTIVE and then right back to MSG_WAIT...