09-16-2010 03:28 AM
Hi,
I am having a hard time setting up an IPSEC tunnel over a high latency link (500+ ms). Any parameter I could play with on the ISAK/IPSEC sides to make this work ?
thank you
09-16-2010 07:40 AM
You have a high latency link and you want to set up a tunnel...
Is the tunnel not coming up or not working properly?
If for example it takes 500ms for a packet to get from side A to side B what is that you want to tweak in the ISAKMP/IPsec to fix this?
Wouldn't be better to try to fix the actual latency over the link?
Are you referring to QoS for the VPN traffic?
Federico.
09-16-2010 07:49 AM
This is a satellite link..can't quite fix it!
And it is not about QoS but IPSEC fine tuning.
thank you for the reply!
09-16-2010 07:55 AM
Depending on the platform, IPsec will be done (or can be done) in hardware.
Can chose the less-intensive protocols for IPsec (DES, MD5, D-H group1, etc) but those are the less secure also.
Have you tried setting up the tunnel and see if it works fine already?
Federico.
09-16-2010 11:08 AM
yes it works otherwise..the ISAK goes to MM_ACTIVE and then right back to MSG_WAIT...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: