Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
881
Views
0
Helpful
3
Replies

Cisco VPN client vpn disconnection problem

Go to solution
acleri
Level 1
Level 1

‎05-24-2011 11:24 PM

Hi,

we have a Cisco ASA 8.2(3) and several vpn client ipsec that connect to it ( 5.0.07.0290-k9 and 5.0.07.0410-k9).

ExExactly after 4 hours the vpn connections of these clients are dropped even if the client is still sending traffic. I can't find any setting on the configuration in order to avoid this connection drop. Anyone have an idea how to solve it?

I

I

Af

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andamani
Cisco Employee
Cisco Employee

‎05-25-2011 06:58 AM

Hi,

Please paste the output of "sh run cry". we can check the lifetime values.

also you can enable the following debugs like half an hour before the Client expected time to disconnect.

deb cry isa 127

deb cry ips 127.

We can check the reason from the debugs with the help of the client ip address.

Hope this helps.

regards,

Anisha

P.S.:Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
jonathanaxford
Level 3
Level 3

‎05-25-2011 03:05 AM

Hi,

If the conenction drops after exactly four hours each time, then it does seem to be some sort of timer that is expiring and then not re-initiating the connection.


It might be worthwhile trying to run some debugs to see if you can see exactly what is causing the connection to drop? Things like debug crypto isakmp and debug crypto ipsec are always handy.

If you manually re-initiate the connection, I am assuming that it comes straight back up?

Many thanks

Jonathan

0 Helpful

Go to solution
andamani
Cisco Employee
Cisco Employee

‎05-25-2011 06:58 AM

Hi,

Please paste the output of "sh run cry". we can check the lifetime values.

also you can enable the following debugs like half an hour before the Client expected time to disconnect.

deb cry isa 127

deb cry ips 127.

We can check the reason from the debugs with the help of the client ip address.

Hope this helps.

regards,

Anisha

P.S.:Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

0 Helpful

Go to solution
acleri
Level 1
Level 1

‎05-26-2011 07:48 AM

After an analisys fo the configuration I found under the vpn group policy the command vpn-session-timeout 240.

once removed the vpn stay up.

thank you for your suggestions.

regards.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents