Hello,

A partner company is using ISA Server 2006. I have set up an IPSEC tunnel between our sites. In order to do this, I had to establish three tunnels:

1. A tunnel between the public IP addresses
2. A tunnel between my private subnet and their public IP address
3. A tunnel between my public IP address and their private subnet

The tunnel is working fine most of the time. The problem is that when the remote ISA Server is restarted, StrongSwan does not renegotiate the Phase 1 (IKE) key. Instead, it attempts to reuse the key it obtained before the remote computer was restarted. Consequently, once the remote computer is restarted, StrongSwan cannot bring the tunnel back online. I might note that the ISA Server is able to reestablish its end of the tunnel.

My question is, how can I get StrongSwan to bring its end of the tunnel back online when the remote ISA Server is restarted?

Assuming my static IP is 1.1.1.1 and their static IP is 2.2.2.2, my VPN config is as follows:

config setup
        # just use defaults

# Add connections here.

conn isa
        type=tunnel
        authby=secret
        ike=3des-sha1-modp1024
        ikelifetime=8h
        esp=3des-sha1
        keylife=1h
        keyingtries=%forever
        pfs=yes
        pfsgroup=modp1024
        dpdaction=restart
        left=1.1.1.1
        right=2.2.2.2
        auto=start

conn isa1
        leftsubnet=1.1.1.1/32
        rightsubnet=192.168.52.0/24
        also=isa

conn isa2
        leftsubnet=192.168.50.0/24
        rightsubnet=2.2.2.2/32
        also=isa

Best Regards,
Brandon Rock