Chapter 8 Configuring IPSec mobility and persistent mode 149
Nortel VPN Router Configuration — Basic Features
IPSec mobility on Nortel VPN Router
Nortel VPN Router provides a new concept of IPSec mobility. The Nortel VPN
Router IPSec implementation allows support for mobile clients to maintain tunnel
connectivity while roaming from one access point to another. It maintains
TCP-based applications and provides minimum disruptions to UDP-based
applications.
With IPSec mobility, configuration parameters are passed to the Nortel VPN
Router client after a successful IPSec tunnel establishment that instruct the client
to operate in IPSec mobility mode. These parameters force the client to monitor
and communicate any address changes due to roaming to the server. When a
mobile node changes its IP address, the client is notified by the operating system
of the change. The IP address change is then communicated to the Nortel VPN
Router so that the IKE and IPSec SA databases are updated with the new address.
ISAKMP informational exchange messages are used to send the change to the
Nortel VPN Router. Once a notify message with a new client IP address is
received by the Nortel VPN Router, it updates its databases, uses the received IP
as the outer IP address, and responds to the client with an acknowledgment.
Roaming performance factors
Factors that impact the performance of the roaming on the Nortel VPN Router:
• How quickly the adaptor or operating system detects changes in interface state
• DHCP settings of the PC or the DHCP server
• How quickly the operating system acquires the new IP address from the
network
• Network delays or congestion
Logging and status for clients and servers
The Nortel VPN Client logs events to the log file. This includes events such as
Nortel VPN Client sending messages that the IP address changed, and receiving
acknowledgement that these messages were received by the Nortel VPN Router.
To Next Page
Loading...
