RE: S2S VPN: why is a new QM SA negotiated every 5 minutes ?

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sat, 7 Jan 2006 09:23:59 -0800

No; ISA won't "buffer" any traffic - is receives, processes and acts on it 
according to rules.

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------

-----Original Message-----
From: Tiago de Aviz [mailto:tiago@xxxxxxxxxxxxxxx] 
Sent: Saturday, January 07, 2006 7:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: S2S VPN: why is a new QM SA negotiated every 5 minutes ?

http://www.ISAserver.org

Shouldn't ISA buffer packets that are coming thru the tunnel, establish a new 
SA and then keep sending 'em?



Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br 
 
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é 
restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem 
por engano, queira por favor retorná-la ao destinatário e apagá-la de seus 
arquivos. Qualquer uso não autorizado, replicação ou disseminação desta 
mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável 
pelo conteúdo ou a veracidade desta informação.

>>> stefaan.pouseele@xxxxxxxxx 01/07/06 9:47 AM >>>
http://www.ISAserver.org

Hi Jim, 

I've tried KB907259 but that does *not* solve the SA Idle Timeout problem. 

In http://forums.isaserver.org/fb.aspx?m=2002001812 there is some discussion
if the re-negotiation of the QM SA could lead to broken TCP connections
within the VPN tunnel. I would like to hear your opinion on this issue. 

Thanks,
Stefaan 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: maandag 2 januari 2006 18:13
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: S2S VPN: why is a new QM SA negotiated every 5
minutes ?

http://www.ISAserver.org

I spoke to the guy that worked that problem and wrote the KB.
He suggested that you try it to see if it works for you.
If so, we can get the KB updated to reflect your findings.

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » S2S VPN: why is a new QM SA negotiated every 5 minutes ?
• » RE: S2S VPN: why is a new QM SA negotiated every 5 minutes ?
• » RE: S2S VPN: why is a new QM SA negotiated every 5 minutes ?
• » RE: S2S VPN: why is a new QM SA negotiated every 5 minutes ?
• » RE: S2S VPN: why is a new QM SA negotiated every 5 minutes ?
• » RE: S2S VPN: why is a new QM SA negotiated every 5 minutes ?
• » RE: S2S VPN: why is a new QM SA negotiated every 5 minutes ?
• » RE: S2S VPN: why is a new QM SA negotiated every 5 minutes ?
• » S2S VPN: why is a new QM SA negotiated every 5 minutes ?

1. Home
2. isalist
3. Archive
4. 01-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---