Persistent tunneling, Session persistence time – Panasonic 7 User Manual


Chapter 8 Configuring IPSec mobility and persistent mode 155

Persistent tunneling

A persistent VPN connection provides the ability to maintain a VPN connection
without user intervention for a designated period of time. After successfully
establishing a tunnel session to the Nortel VPN Router, the Nortel VPN Client
makes every attempt to maintain a viable VPN connection.

Persistence makes use of the automatic failover capability already available with
the Nortel VPN Router and extends this to allow the new tunnel to be established
without having to re-enter user credentials. A configuration option on the Nortel
VPN Router allows you to specify that VPN clients will cache their VPN
credentials for a specified period of time. If failover is initiated during this time
(persistent time), the client automatically sends the credentials the user submitted
to set up the first tunnel session.

Note: If an authentication method with a challenge, a one-time password
(such as secure ID*), or a Nortel VPN Router one-time password is
enabled, it will not work for persistence. However, user name/password-based
and certificate-based authentication will work.

The Nortel VPN Client accepts a list of failover hosts configured on the Nortel
VPN Router and tries to connect to those servers if the connection with the
primary server is lost. As each failover server destination is attempted, you are
prompted, allowing you the option to cancel the operation. If the user doesn’t
intervene, the connection attempt continues. With persistence enabled, after going
through the list of failover servers, the client tries the primary and then the initially
supplied failover servers again in the loop until the client connects or until the
persistency timer expires, whichever comes first.

Session persistence time

The purpose of this timer is to allow the persistent tunnel only for a certain amount
of time after the initial login. This prevents security threats such as a stolen laptop
accessing the network because persistence was allowed for longer durations. By setting this
timer to 24 hours, users can use the VPN connectivity for work without having
to log in more than once.
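
The reconnect loop and the persistence timer described above can be modeled as follows. This is an added illustration, not Nortel client code: the authentication labels, host names, the `try_connect` probe and the per-attempt delay are assumptions, and the per-attempt cancel prompt is left out.

```python
from dataclasses import dataclass
from itertools import chain, cycle

# Per the note above: user name/password and certificate credentials can be
# resent; challenge and one-time-password methods cannot.
REPLAYABLE = {"password", "certificate"}

@dataclass
class Session:
    auth_method: str         # label set is an assumption of this model
    login_time: float        # time of the initial interactive login (seconds)
    persistence_time: float  # session persistence time set on the router (seconds)

def reconnect(session, primary, failover_hosts, try_connect, now, attempt_cost=5.0):
    """Model the client after the tunnel drops at time `now`.

    try_connect(host, t) -> bool is a caller-supplied probe (hypothetical).
    attempt_cost is the assumed duration of one failed attempt in seconds.
    Returns (outcome, host, attempts).
    """
    if session.auth_method not in REPLAYABLE:
        return ("prompt_user", None, 0)
    deadline = session.login_time + session.persistence_time
    # Failover list first, then primary and the failover list again, in a loop.
    order = chain(failover_hosts, cycle([primary, *failover_hosts]))
    t, attempts = now, 0
    for host in order:
        if t >= deadline:
            return ("expired", None, attempts)
        attempts += 1
        if try_connect(host, t):
            return ("reconnected", host, attempts)
        t += attempt_cost

DAY = 24 * 3600.0
# Constructed scenario: gw-b comes back 10 seconds after the drop.
def sample_probe(host, t):
    return host == "gw-b" and t >= 3610.0

def demo():
    s = Session("password", 0.0, DAY)
    return [
        reconnect(s, "gw-a", ["gw-b", "gw-c"], sample_probe, now=3600.0),
        reconnect(s, "gw-a", ["gw-b", "gw-c"], sample_probe, now=25 * 3600.0),
        reconnect(Session("otp", 0.0, DAY), "gw-a", ["gw-b"], sample_probe, now=3600.0),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second case is the stolen-laptop scenario: a drop 25 hours after login falls outside the 24-hour window, so the cached credentials are not resent.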

Nortel VPN Router Configuration — Basic Features
