I have already set Maximun Connect Time: and Idle Timeout: to Unlimited in Group Policy. This had no effect. The disconnect is caused by the Connection Time Out setting when looking looking at the vpn-sessiondb details of the remote clients.
... View more
Cisco VPN Client disconnects from ASA 5500 every hour with the error 'Secure VPN Connection Terminated by Peer. Reason 433: (Reason Not Specified By Peer). Running the command 'sh vpn-sessiondb detail remote' shows an IPSec time out of 60 minutes, and the connection time out left corresponds with the disconnect time. IPSecOverNatT: Session ID : 2 Local Addr : 0.0.0.0/0.0.0.0/0/0 Remote Addr : XXX.XXX.XXX.XXX/255.255.255.255/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 25817 Seconds Conn Time Out: 60 Minutes Conn TO Left : 10 Minutes Bytes Tx : 6079 Bytes Rx : 76993 Pkts Tx : 33 Pkts Rx : 782 The error log from the ASA shows the following: Jan 20 2010 08:55:54: %ASA-5-713050: Group = MecV, Username = simons, IP = XX.XXX.X.XXX, Connection terminated for peer simons. Reason: IPSec SA Max t ime exceeded Remote Proxy XXX.XX.XXX.XXX, Local Proxy 0.0.0.0 Jan 20 2010 08:55:54: %ASA-4-113019: Group = MecV, Username = domain\simons , IP = XX.XXX.X.XXX, Session disconnected. Session Type: IPSecOverNatT, Durat ion: 1h:00m:02s, Bytes xmt: 4592002, Bytes rcv: 36523769, Reason: Max time excee ded How do I change the timeout for this so the client remains connect until the idle timeout is exceeded. For now, the Group Policy MecV has been reset with unlimited idle and connection times.
... View more