[ previous ] [ next ] [ threads ]
 From:  "Don Gray" <don at netcaliber dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Pix-Mono VPN SA Issue
 Date:  Wed, 3 Aug 2005 20:10:55 -0700
Thanks for the response, Chris.  I've wondered about the satellite issue
myself.  It's a DoD spec connection (from what I'm told).  We get ping
responses between 600-700ms.  I'll do some more experimenting with the
settings but this kind of has me stumped.   

-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Wednesday, August 03, 2005 4:52 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Pix-Mono VPN SA Issue

On 8/3/05, Don Gray <don at netcaliber dot com> wrote:
> Nobody have an answer for this?

I wrote the part of the docs you linked.  Everything appears to match up
just fine to what I was using at the time (don't have that tunnel up
anymore, that was a previous employer) and it always worked flawlessly when
initiated from either end.  I even googled on that error message and came
upon my own website with a log from some duplicate SA issues I was having a
while back, and I wasn't having any negotation issues at the time.

Only thing that catches my eye is "satellite link."  If it's the typical
residential satellite connection like through DirecWay or similar, those
have huge latency compared to typical broadband connections, and even
several times higher than dial up usually.  If that's the case, maybe when
the PIX initiates, it just doesn't wait long enough for the SA to establish.
Shot in the dark, since nobody else seems to have an answer.  :)


To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch