Re: ipsec session key renegotiation



I believe that eventually a new SA should be set up automatically, though
offhand I can't remember what time frame to expect. If the Windows Firewall
is enabled on the computer, even with the ipsec exemption, I am not sure if
that will impede progress or not, so if you have that enabled you may want to
temporarily disable it, assuming it does not put any computer at risk.
Another thing you could try to speed up the SA is to restart the ipsec
service on the computer that was not restarted, as in net stop policyagent
and then net start policyagent. If you have not seen the links
below from the same white paper yet, they are about the best I know of on
Windows ipsec and may give you needed guidance; though much will not apply to
your situation, a lot still will. Checking the security and application logs
on the computers involved can also give you helpful information. --- Steve

http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecch7.mspx
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecapa.mspx

<getridofthespam@xxxxxxxxx> wrote in message
news:1151579517.023729.160050@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all,

Now that I have (thanks to Steven L Umbach) the ipsec connection to work
on the XP machines I face a new problem.
Let's say A and B have an ipsec (not tunnel) connection. When A is restarted
B cannot connect anymore, it has a session key that A is not aware of.
Can ipsec be configured in such a way that on (re)start keys are renegotiated
with all hosts mentioned in the configuration (presumed not any host is
configured).

Thanks in advance to all who reply.


