Maximum roaming time – Panasonic 7 User Manual


Chapter 8 Configuring IPSec mobility and persistent mode

Maximum roaming time

Maximum roaming time is the time used by the Nortel VPN Client to keep the tunnel from going down after the IP address on the physical interface (on which the tunnel was brought up) has been lost.

For example, if you move from area 1 (AP1) to area 2 (AP2) and the IP address on the interface is lost, it could take some time to establish contact with AP2 in area 2. Maximum roaming time allows you to tune this time such that the client can keep the connection up for 2 hours and then, if necessary, the same session can be revitalized at another location.

You must use some caution and tune the idle timeout and the client failover tuning (legacy client keepalives) timers appropriately for this to work. For example, idle timeout may start during roaming time and as a result the Nortel VPN Router will log off the session. When the client obtains a new IP address and sends an Address Change Notification, it will not be recognized by the Nortel VPN Router as the session has already been logged off. A similar situation may arise with the client failover tuning timers.

If a rekey is initiated by the Nortel VPN Router during the roaming time, it may not be able to reach the client (for example, because the client is out of area) and the rekey may fail. When the rekey fails, the Nortel VPN Router will bring down the session and roaming will not succeed even after the client obtains a new IP address. This occurs because the Nortel VPN Router has no knowledge that the client is going through roaming time at rekey.

The forced logoff timer is independent of roaming time. The Nortel VPN Router is expected to log off the session whether or not roaming is in progress.

NAT keepalive timers have no impact on roaming timeout because the Nortel VPN Router updates the UDP port numbers based on an encrypted Address Change Notification message.

Once the Nortel VPN Client obtains a new IP address, it retransmits the Address Change Notification message four times at 8-second intervals until an acknowledgement is received from the Nortel VPN Router. If no acknowledgement is received, the client disconnects.

Session persistence time has no direct impact on roaming time.
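
The timer interactions described above can be checked against a planned configuration with a simplified timeline model. This is an added example, not code from the manual or from Nortel; the field names, the keepalive dead-time formula (interval × retries), the assumption that a rekey fails at the moment it is due, and all sample values are assumptions.

```python
# Added example: simplified timeline model of the roaming timer interactions.
# Field names are hypothetical, not Nortel configuration keys.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Timers:  # all values in seconds; None means the timer is disabled
    max_roaming: int                   # client-side maximum roaming time
    idle_timeout: Optional[int]        # router idle timeout
    keepalive_interval: Optional[int]  # client failover / legacy keepalive
    keepalive_retries: int
    rekey_interval: Optional[int]      # router-initiated rekey period
    forced_logoff: Optional[int]       # measured from login


def roam_outcome(t: Timers, roam_start: int, outage: int) -> str:
    """Return what ends the session first, or 'resumed' if the roam survives.

    roam_start: seconds since login when the interface IP address is lost.
    outage:     seconds until the client has a new address and can send the
                Address Change Notification.
    """
    end = roam_start + outage
    # Client side: the tunnel is dropped once the roaming window is used up.
    events = [(roam_start + t.max_roaming,
               "client: maximum roaming time exceeded")]
    # Router side: no traffic arrives while roaming, so these keep running.
    if t.idle_timeout is not None:
        events.append((roam_start + t.idle_timeout,
                       "router: idle timeout logoff"))
    if t.keepalive_interval is not None:
        dead_after = t.keepalive_interval * t.keepalive_retries  # assumption
        events.append((roam_start + dead_after, "router: keepalive failure"))
    if t.rekey_interval is not None:
        # First rekey boundary after the address was lost.
        next_rekey = (roam_start // t.rekey_interval + 1) * t.rekey_interval
        events.append((next_rekey, "router: rekey failed, client unreachable"))
    if t.forced_logoff is not None:
        # Independent of roaming: fires whether or not a roam is in progress.
        events.append((t.forced_logoff, "router: forced logoff"))
    hits = sorted(e for e in events if roam_start < e[0] <= end)
    return hits[0][1] if hits else "resumed"


if __name__ == "__main__":
    # Constructed sample: 2-hour roaming window, untuned router timers.
    untuned = Timers(7200, 900, 60, 3, 28800, None)
    for outage in (120, 600):
        print(outage, "->", roam_outcome(untuned, 1000, outage))
```

Running it over the outage lengths you expect between access points shows which router timer has to be raised before the roaming window is actually usable.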

NN46110-500
