Nortel 1010 用户指南
156 Chapter 8 Configuring IPSec mobility and persistent mode
NN46110-500
Session persistence time should be longer than the roaming time as persistence
starts only after roaming fails. There is no direct relation between persistence and
any other timers on the Nortel VPN Router.
starts only after roaming fails. There is no direct relation between persistence and
any other timers on the Nortel VPN Router.
However, the Nortel VPN Client will not enter persistence mode if the previous
log off happened due to a log off message received from the Nortel VPN Router.
This allows you to force a rogue user log off any time even when persistence is on.
The client continues to attempt connections to a list of servers cyclically when the
existing tunnel goes down (due to events such as roaming timeout) for a period
equal to persistence time after the initial login.
log off happened due to a log off message received from the Nortel VPN Router.
This allows you to force a rogue user log off any time even when persistence is on.
The client continues to attempt connections to a list of servers cyclically when the
existing tunnel goes down (due to events such as roaming timeout) for a period
equal to persistence time after the initial login.
Persistent mode will work with no failover list by trying the connection to the
same Nortel VPN Router. The original Nortel VPN Router is included in the list
that the client tries to connect to. If no servers are set in the failover list, the
original Nortel VPN Router is tried persistently.
same Nortel VPN Router. The original Nortel VPN Router is included in the list
that the client tries to connect to. If no servers are set in the failover list, the
original Nortel VPN Router is tried persistently.
Configuring IPSec mobility and persistence
IPSec mobility is a licensed feature. Contact your Nortel representative to obtain a
license key. To install the Advanced Routing license key:
license key. To install the Advanced Routing license key:
1
Go to Admin > License Keys
2
Enter the Advance Routing license.
3
Click on OK.
Configuring IPSec mobility
The IPSec mobility and persistence features are configured at the user/group level.
To configure NAT traversal, see Nortel VPN Router Security — Firewalls, Filters,
NAT, and QoS . You do not have to enable IPSec mobility and persistence
together. You can use either or both as is suitable for your environment.
To configure NAT traversal, see Nortel VPN Router Security — Firewalls, Filters,
NAT, and QoS . You do not have to enable IPSec mobility and persistence
together. You can use either or both as is suitable for your environment.
To configure IPSec mobility and persistence through the GUI:
1
Go to Profiles > Groups. In the IPSec section, click Configure. The Edit
IPSec window appears as shown in
IPSec window appears as shown in
.