Rekey Failure XP l2tp/ipsec client and vpdn


I have teleworkers that dial into our 837 vpdn server using the XP L2TP/IPSec client.

Using the version of IOS I have, IPSec seems to prefer to rekey from the vpdn server side. This causes problems with firewalls, NAT, etc. The connection drops and needs to be re-established.

The XP L2TP/IPSec client is hardwired to an SA lifetime of 3600 secs (1 hr), so I can't increase that. I can't change the IPSec SA lifetime on the Cisco end, as the IPSec SA lifetime will always negotiate to the lowest value between the 2 peers.

Is there any way I can tell the vpdn server to leave rekey to the client (like rekey=no for Openswan)? If rekey initiates from the client, I have no problems.

I can upgrade IOS if needed.

PS: I have googled and Cisco tech support until late into the night. Hope I haven't missed the obvious.



Windows XP SP2 L2TP/IPSec with NAT-T update and all latest updates. Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.3(8)T3
