
Enhancements to IPsec/VPN

Release Note

ISAKMP does not retry after an XAUTH authentication failure (phase 1.5). An XAUTH failure indicates either that the router or switch and its peer have different authentication details, or that a third party is attempting to connect to the router or switch. These failures need to be investigated manually.

Command Changes

The following table summarises the modified commands:

Command                 Change
----------------------  ------------------------------------------------------
create isakmp policy    New retryikeattempts parameter.

set isakmp policy       New retryikeattempts parameter.

show isakmp counters    New retryIkeAttemptsPh1 and retryIkeAttemptsPh2
                        parameters in output when counters is set to general.
                        New usePolIkeRetryGood and usePolIkeRetryFailed
                        parameters in output when counters is set to spd.

show isakmp policy      New Retry IKE Attempts, Current IKE Retries, and
                        Required IKE Retry Phase parameters in the output when
                        a policy is specified.

VPN Tunnel Licencing

By default, the AR415S allows one VPN tunnel. Additional VPN tunnels require a special feature licence. If you need more VPN tunnels, contact your authorised distributor or reseller. Other products do not need a special feature licence for more VPN tunnels.

Command Changes

The following table summarises the modified command.

Command                 Change
----------------------  ------------------------------------------------------
show ipsec              New output parameters

Software Version 2.8.1 C613-10477-00 REV B

Allied Telesis AT-9900 VPN Tunnel Licencing, New retryikeattempts parameter, New Retry IKE Attempts , Current IKE Retries