
Welcome to ISAserver.org


ISA 2004 to Freeswan 1.99 - Delete SA every 6 minutes

ISA 2004 to Freeswan 1.99 - Delete SA every 6 minutes - 16.Nov.2005 4:05:35 PM   
sleleu

 

Posts: 15
Joined: 11.Jun.2003
From: France
Status: offline
 Hello there,

 I have set up a site-to-site VPN (IPSec, 3DES-MD5 with preshared key) between my ISA 2004 box and a Red Hat Linux 7.3 box with Freeswan 1.99.

 Setup was really easy, but I have this little problem:

 Every 6 minutes, my ISA Server sends a "Delete SA" command (why??) even with constant traffic passing through the VPN link. (Tried with ping -t, for example.)

 The problem is that Freeswan < 2.00 (I have 1.99... grrr) doesn't understand the "Delete SA" and ignores it.
 Sample log from Freeswan:
Nov 16 15:52:04 xxxxxxx pluto[4679]: "Site1_Site2" #27: ignoring Delete SA payload
Nov 16 15:52:04 xxxxxxx pluto[4679]: "Site1_Site2" #27: received and ignored informational message
Nov 16 15:52:04 xxxxxxx pluto[4679]: "Site1_Site2" #27: ignoring Delete SA payload
Nov 16 15:52:04 xxxxxxx pluto[4679]: "Site1_Site2" #27: received and ignored informational message
Nov 16 15:52:54 xxxxxxx pluto[4679]: "Site1_Site2" #31: responding to Quick Mode
Nov 16 15:52:54 xxxxxxx pluto[4679]: "Site1_Site2" #31: IPsec SA established


 Of course, don't even think about upgrading the Linux box... (production)

 The real question is: why does ISA send this "Delete SA" request every 6 minutes while there is traffic on the link?

 Is there a way to solve this?

 Thanks!


 
Post #: 1
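Added example, not part of the original posts: a small parser for pluto log lines in the format quoted above that measures, per connection, how long after an ignored "Delete SA" the next IPsec SA is established and how often the delete bursts recur. The sample lines are constructed to mirror the quoted log, and the year is an assumption because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Constructed sample in the same format as the pluto log quoted in the post.
SAMPLE = """\
Nov 16 15:46:03 xxxxxxx pluto[4679]: "Site1_Site2" #23: ignoring Delete SA payload
Nov 16 15:46:03 xxxxxxx pluto[4679]: "Site1_Site2" #23: received and ignored informational message
Nov 16 15:46:51 xxxxxxx pluto[4679]: "Site1_Site2" #27: responding to Quick Mode
Nov 16 15:46:51 xxxxxxx pluto[4679]: "Site1_Site2" #27: IPsec SA established
Nov 16 15:52:04 xxxxxxx pluto[4679]: "Site1_Site2" #27: ignoring Delete SA payload
Nov 16 15:52:04 xxxxxxx pluto[4679]: "Site1_Site2" #27: ignoring Delete SA payload
Nov 16 15:52:54 xxxxxxx pluto[4679]: "Site1_Site2" #31: responding to Quick Mode
Nov 16 15:52:54 xxxxxxx pluto[4679]: "Site1_Site2" #31: IPsec SA established
"""

# timestamp, host, pluto[pid], "connection", #state, message
LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: "([^"]+)" #\d+: (.*)$')

def parse(text, year=2005):
    """Yield (timestamp, connection, message); year is assumed, syslog omits it."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def delete_sa_cycles(text):
    """Per connection: [(first_delete_time, seconds until next SA established)]."""
    pending, cycles = {}, {}
    for ts, conn, msg in parse(text):
        if msg == "ignoring Delete SA payload":
            pending.setdefault(conn, ts)  # keep only the first delete of a burst
        elif msg == "IPsec SA established" and conn in pending:
            start = pending.pop(conn)
            gap = (ts - start).total_seconds()
            cycles.setdefault(conn, []).append((start, gap))
    return cycles

def delete_periods(cycles):
    """Per connection: seconds between successive Delete SA bursts."""
    return {conn: [(b[0] - a[0]).total_seconds() for a, b in zip(v, v[1:])]
            for conn, v in cycles.items()}

if __name__ == "__main__":
    cycles = delete_sa_cycles(SAMPLE)
    for conn, periods in delete_periods(cycles).items():
        print(conn, "gaps:", [g for _, g in cycles[conn]], "periods:", periods)
```

A steady period near 360 seconds across many cycles matches the "every 6 minutes" symptom described in the post.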
RE: ISA 2004 to Freeswan 1.99 - Delete SA every 6 minutes - 16.Nov.2005 7:57:09 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
See if this KB article applies...

You cannot sustain a connection for longer than 3 to 10 minutes between a Windows Server 2003 Service Pack 1-based computer and a Linux-based computer

http://support.microsoft.com/default.aspx?scid=kb;en-us;907259

You can call MSFT's Product Support Services and get the hotfix - it'll be free but they'll ask for contact information, which is only used for notification in case the fix has to be pulled.

(in reply to sleleu)
Post #: 2
RE: ISA 2004 to Freeswan 1.99 - Delete SA every 6 minutes - 21.Nov.2005 2:13:39 PM   
sleleu

 

Posts: 15
Joined: 11.Jun.2003
From: France
Status: offline
 Thanks ClintD...

 This MS article looks good to me... I just phoned MS Support to get the hotfix.

 Wait and see....

(in reply to ClintD)
Post #: 3
