
RE: Timeout problems



Hi Joern,

The symptom of receiving an "Invalid payload" after you've given up due to
timeouts exists in most of the exchanges (all but info mode, I think).  You
can solve this problem by not giving up so soon. If you don't want to retry
too often, use exponential backoff algorithms that will give you the ability
of retrying at greater and greater intervals so that you don't bog down your
box. Something like (1,2,4,8... seconds).

The delete payload should work; assuming you really want to do this.  If you
tell the other guy that you've deleted your phase1 SA, then he should stop
sending you ISAKMP messages for that SA.  However, I believe that your best
option is to increase your retry counts / times.


Stephane.


<-----Original Message-----
<From: Joern Sierwald [mailto:joern.sierwald@datafellows.com]
<Sent: Thursday, July 15, 1999 4:26 AM
<To: ipsec@lists.tislabs.com
<Subject: Timeout problems
<
<
<This might have been addressed in the IETF years ago, but I just
<stumbled into this one:
<
<I initiate cfg-mode. Remote host doesn't answer. After
<a couple of retransmissions, I give up.
<
<Two seconds later the remote host answers. I think it is
<a new cfg-mode exchange and calculate the IV incorrectly.
<Error "Invalid payload".
<
<Is there any way to prevent this? I found no way to abort a
<cfg-mode exchange cleanly, the delete payload does not work.
<
<Jörn Sierwald
<
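
The retry advice in the reply above, as an added example that is not part of either post: a simulation on a virtual clock comparing a fixed-interval retry timer with the 1, 2, 4, 8 second backoff, for a constructed peer whose answer arrives 5 seconds after the first send. The class and function names, the 64-second cap and the 5-second delay are assumptions made for the illustration.

```python
# Added illustration; RetransmitPolicy and run_exchange are hypothetical names.
from dataclasses import dataclass


@dataclass
class RetransmitPolicy:
    initial: float     # seconds to wait after the first send
    factor: float      # 1.0 = fixed interval, 2.0 = exponential backoff
    max_sends: int     # packets sent before giving up, first send included
    cap: float = 64.0  # upper bound on any single wait (assumed value)

    def waits(self):
        """Wait after each send: initial, initial*factor, ... up to cap."""
        wait = self.initial
        for _ in range(self.max_sends):
            yield min(wait, self.cap)
            wait *= self.factor

    def send_times(self):
        """Offsets (seconds from the first send) at which packets go out."""
        now, times = 0.0, []
        for wait in self.waits():
            times.append(now)
            now += wait
        return times

    def give_up_at(self):
        """Offset at which the exchange state is torn down."""
        return sum(self.waits())


def run_exchange(policy, reply_at):
    """Simulate one exchange; return (outcome, packets_sent)."""
    if reply_at < policy.give_up_at():
        sent = sum(1 for t in policy.send_times() if t < reply_at)
        return "completed", sent
    # The reply arrives after the state is gone: the late-reply case above.
    return "abandoned", policy.max_sends


# Constructed scenario: the peer's only reply arrives 5 s after the first send.
FIXED = RetransmitPolicy(initial=1.0, factor=1.0, max_sends=3)
BACKOFF = RetransmitPolicy(initial=1.0, factor=2.0, max_sends=4)

if __name__ == "__main__":
    for name, policy in (("fixed", FIXED), ("backoff", BACKOFF)):
        print(name, policy.send_times(), policy.give_up_at(),
              run_exchange(policy, reply_at=5.0))
```

Both policies have put three packets on the wire by the time the reply arrives; only the backoff timer still holds the exchange state at that point.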

