Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
0
Helpful
1
Replies

question about manual key

qs
Level 1
Level 1

‎02-22-2005 05:52 PM

hi

i have a question about manual key

i have two route by own develop, i can establish the vpn tunnel by use manual key . and test icmp traffic from left route to right route , it is ok .

and then , the left route continue send encrypt icmp traffic to right, and change the manual key of right route ,now , the right route dropped encrypt icmp traffic , beacause the manual key of left route can't be matched.

after some packets , i recover the correct maunal key in right route , but the left route can't receive encrypt icmp reply traffic from right route successfully

i find the left route send esp packet with large seqnumber , and right route reply esp packest with min seqnumber ,because the right route make a new ipsec sa , thus the left route receive the esp pakcet with min-seqnumber from right route

because it is manual key , the left route can't know that the right route have changed ipsec sa , the left keep the ipsec sa , and the seq number window is so large that can't match the esp seq number of right route, so left route will dropped the esp packtes .

who can tell me how resolve this problem ?

thanks!!

Labels:
0 Helpful
1 Reply 1

umedryk
Level 5
Level 5

‎03-01-2005 09:25 AM

this may not be the issue with manual key at all, this could be due to some timer configured on either or both sides of VPN

0 Helpful
Customers Also Viewed These Support Documents