Nortel 1010 Guía Del Usuario
Chapter 8 Configuring IPSec mobility and persistent mode 153
Nortel VPN Router Configuration — Basic Features
When operating in IPSec mobility mode with split tunneling enabled, the Nortel
VPN Client does not consider the routing table to be maliciously altered and will
not bring down the tunnel in the following cases:
VPN Client does not consider the routing table to be maliciously altered and will
not bring down the tunnel in the following cases:
•
IP address change for any adapter
•
Adapter has been removed
•
Adapter is plugged in and connects
Initial contact payload (ICP)
If the Nortel VPN Client fails to notify the Nortel VPN Router of the logoff or
tunnel termination due to network problems (such as, the interface went down
before sending logoff sequence), the client's session could still be in the session
table for a period of time specified by the Idle Timeout. If the client tries to
reconnect and the previous session has not expired yet, the client would not be
able to log in, as only one active session is allowed per user by default.
tunnel termination due to network problems (such as, the interface went down
before sending logoff sequence), the client's session could still be in the session
table for a period of time specified by the Idle Timeout. If the client tries to
reconnect and the previous session has not expired yet, the client would not be
able to log in, as only one active session is allowed per user by default.
The Initial Contact Payload feature could be used in this situation to clear up old
sessions. This feature allows the server to terminate an old session if a new session
has the same user ID as the old one.
sessions. This feature allows the server to terminate an old session if a new session
has the same user ID as the old one.
Beginning with version 5.01, the Nortel VPN Client always sends the Initial
Contact Payload; such behavior could be accepted or rejected by the Nortel VPN
Router based on the VPN Router configuration. The “Accept ISAKMP Initial
Contact Payload” parameter configured per group specifies Nortel VPN Router
action towards received initial contact payload.
Contact Payload; such behavior could be accepted or rejected by the Nortel VPN
Router based on the VPN Router configuration. The “Accept ISAKMP Initial
Contact Payload” parameter configured per group specifies Nortel VPN Router
action towards received initial contact payload.
Note: With IPC the server cannot identify the session to terminate if a
user is logged in multiple times. Nortel recommends using IPC when the
max login is set to 1.
user is logged in multiple times. Nortel recommends using IPC when the
max login is set to 1.