This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

rekey=no doesn't work?

Hi,

I have an scenario with ASL 6.3.03 and VPN road warrior connections. I have detected some problems when ASL tries to do the phase one renegotiations, so I tried to force it to never be the initiator. I found it is possible adding to the ipsec.conf file the line "rekey=no", but it doesn't work since when I restart the IPsec service it doesn't save my changes.

There must be something in the ASL that doesn't allow me to change the ipsec.conf file, do you know some way to manage this?. I really appreciate your help with this. Thanks.

-langoleer

This thread was automatically locked due to age.

Parents

0 langoleer over 18 years ago

I don't think so, "rekey=no" is NOT set by default. The ASL always tries to initiate phase one renegotiations even in roadwarriors connections scenarios.

Actually I have found the way to add this parameter to my ipsec.conf, I had to go into the ipsec.conf-default and add the line rekey=no, then rebooted the service and that's it, it works, it adds rekey=no to ipsec.conf. Now I have that I wanted: ASL never tries to initiate phase one renegotiations of the ISAKMP. Thanks.

-langoleer
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 langoleer over 18 years ago

I don't think so, "rekey=no" is NOT set by default. The ASL always tries to initiate phase one renegotiations even in roadwarriors connections scenarios.

Actually I have found the way to add this parameter to my ipsec.conf, I had to go into the ipsec.conf-default and add the line rekey=no, then rebooted the service and that's it, it works, it adds rekey=no to ipsec.conf. Now I have that I wanted: ASL never tries to initiate phase one renegotiations of the ISAKMP. Thanks.

-langoleer
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data