I have teleworkers that dial into our 837 vpdn server using the XP L2TP/IPSec client.
Using the version of IOS I have, IPSec seems to prefer to rekey from the
vpdn server side. This causes problems with firewalls, NAT, etc. The connection drops and needs to be re-established.
The XP L2TP/IPSec client is hardwired to an SA lifetime of 3600 secs (1 hr), so I can't increase that. I can't change the IPSec SA lifetime on the Cisco
end, as the IPSec SA lifetime will always negotiate to the lowest value between the 2 peers.
Is there any way I can tell the vpdn server to leave rekey to the client
(like rekey=no for Openswan)? If rekey initiates from the client, I have no problems.
I can upgrade IOS if needed.
PS: I have googled and searched Cisco tech support until late into the night. Hope I haven't missed the obvious.
Windows XP SP2 L2TP/IPSec with NAT-T update and all latest updates. Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.3(8)T3