sa3450 and sa3000 Series VPN Manager - Release 6.8.2 Release Notes

Release 6.8.2 Release Notes

SST Tunnel Renegotiation Requirements

Two hours before the key lifetime expiration for an SST

tunnel, the tunnel renegotiates, which is normal.

The reason for this behavior is that if your VPN device has

a large number of active tunnels, it may take that amount

of time (2 hours) to renegotiate all the tunnels.

RADIUS, SecurID, and SoftID users must re-authenticate

their tunnels after renegotiation, however challenge phrase

and Shiva CA and Entrust certificate users do not have to

re-authenticate their tunnels as renegotiation is transparent

to them.

Unable to Connect With PPP/CHAP

Through Synchronous Line Without Match

Reference Number 104330DF

Attempting to connect with PPP (Point-to-Point Protocol)

using CHAP (Challenge Handshake Authentication

Protocol) through a synchronous line is unsuccessful if

there is not a match of peer user names and password. If

unsuccessful, the PPP session does not complete as result

of CHAP failure for interface S0 remote. The message

states no name found.

To avoid this problem, it is important to remember that

CHAP negotiation requires both user names and a

password at the local device and the remote device. At

each device, the local user name is used as configured in

the General settings. You must enter the CHAP Peer User

Name and the CHAP password, that is, the user name from

the peer device and the CHAP password, at each device.

The CHAP password must be identical, that is, both

devices must use the same password.