Nortel 1010 Guía Del Usuario
154 Chapter 8 Configuring IPSec mobility and persistent mode
NN46110-500
Maximum roaming time
Maximum roaming time is the time used by the Nortel VPN Client to keep the
tunnel from going down after the IP address on the physical interface (on which
tunnel was brought up) has been lost.
tunnel from going down after the IP address on the physical interface (on which
tunnel was brought up) has been lost.
For example, if you move from area 1 (AP1) to area 2 (AP2) and the IP address on
the interface is lost, it could take some time to establish contact with AP2 in area
2. Maximum roaming time allows you to tune this time such that the client can
keep the connection up for 2 hours and then if necessary, the same session can be
re-vitalized at another location.
the interface is lost, it could take some time to establish contact with AP2 in area
2. Maximum roaming time allows you to tune this time such that the client can
keep the connection up for 2 hours and then if necessary, the same session can be
re-vitalized at another location.
You must use some caution and tune the idle timeout and the client failover tuning
(legacy client keepalives) timers appropriately for this to work. For example, idle
timeout may start during roaming time and as a result the Nortel VPN Router will
logoff the session. When the client obtains a new IP address and sends an Address
Change Notification, it will not be recognized by the Nortel VPN Router as the
session has already been logged off. A similar situation may arise with the client
failover tuning timers.
(legacy client keepalives) timers appropriately for this to work. For example, idle
timeout may start during roaming time and as a result the Nortel VPN Router will
logoff the session. When the client obtains a new IP address and sends an Address
Change Notification, it will not be recognized by the Nortel VPN Router as the
session has already been logged off. A similar situation may arise with the client
failover tuning timers.
If a rekey is initiated by the Nortel VPN Router during the roaming time, it may
not be able to reach the client (for example, it is out of area) and the rekey may
fail. When the rekey fails, the Nortel VPN Router will bring down the session and
roaming will not succeed even after the client obtains a new IP address. This
occurs because the Nortel VPN Router has no knowledge about the client going
through roaming time at rekey.
not be able to reach the client (for example, it is out of area) and the rekey may
fail. When the rekey fails, the Nortel VPN Router will bring down the session and
roaming will not succeed even after the client obtains a new IP address. This
occurs because the Nortel VPN Router has no knowledge about the client going
through roaming time at rekey.
The forced logoff timer is independent of roaming time. The Nortel VPN Router
is expected to logoff the session whether or not roaming is in progress.
is expected to logoff the session whether or not roaming is in progress.
NAT keepalive timers have no impact on roaming timeout because the Nortel
VPN Router updates the UDP port numbers based on an encrypted Address
Change Notification message.
VPN Router updates the UDP port numbers based on an encrypted Address
Change Notification message.
Once the Nortel VPN Client obtains a new IP address, it retransmits the Address
Change Notification message four times at 8 second intervals until an
acknowledgement is received from the Nortel VPN Router. If no
acknowledgement is received, the client disconnects.
Change Notification message four times at 8 second intervals until an
acknowledgement is received from the Nortel VPN Router. If no
acknowledgement is received, the client disconnects.
Session persistence time has no direct impact on roaming time.