Initial contact payload (icp) – Panasonic 7 User Manual

Chapter 8 Configuring IPSec mobility and persistent mode 153

When operating in IPSec mobility mode with split tunneling enabled, the Nortel

VPN Client does not consider the routing table to be maliciously altered and will
not bring down the tunnel in the following cases:

•

IP address change for any adapter

•

Adapter has been removed

•

Adapter is plugged in and connects

Initial contact payload (ICP)

If the Nortel VPN Client fails to notify the Nortel VPN Router of the logoff or

tunnel termination due to network problems (such as, the interface went down
before sending logoff sequence), the client's session could still be in the session
table for a period of time specified by the Idle Timeout. If the client tries to
reconnect and the previous session has not expired yet, the client would not be

able to log in, as only one active session is allowed per user by default.

The Initial Contact Payload feature could be used in this situation to clear up old

sessions. This feature allows the server to terminate an old session if a new session

has the same user ID as the old one.

Note: With IPC the server cannot identify the session to terminate if a
user is logged in multiple times. Nortel recommends using IPC when the

max login is set to 1.

Beginning with version 5.01, the Nortel VPN Client always sends the Initial
Contact Payload; such behavior could be accepted or rejected by the Nortel VPN

Router based on the VPN Router configuration. The “Accept ISAKMP Initial

Contact Payload” parameter configured per group specifies Nortel VPN Router

action towards received initial contact payload.

Nortel VPN Router Configuration — Basic Features