IPSEC VPN Client authentication timeout

limlayhin
Level 1

Hi,

I have a Cisco ASA5520 firewall, configured with IPSEC VPN for remote access clients.

The ASA authenticates with an SMS-Gateway which is integrated with a Radius server.

Things are working fine. Users key in their username and password, the ASA passes the info to the SMS-Gateway, the SMS-Gateway verifies with the Radius server that the username and password are correct, and the SMS-Gateway then prompts the user for a one-time SMS password.

Occasionally, maybe because the telco is slow in sending out or receiving SMS, the user doesn't receive the SMS promptly.

Then the user will encounter the error: Secure VPN Connection terminated by Peer. Reason 433: (Reason not specified by Peer)

I turned on my watch timer and noticed that the error prompt always comes up after around 2 minutes.

Is there any setting in the ASA with which I can tune this timeout?

Thanks a lot for your help....

1 Reply

limlayhin
Level 1

I can't find anything on the web. I did a packet capture for a session with a VPN login.

I noticed that the VPN gateway (xx.xx.xx.140) will retry 3 times after its first reply. Each retry period was 30 seconds. 30 seconds after the 3rd retry, the VPN gateway will terminate the session. The VPN gateway log will show a session delete message.

Based on this finding, I suspect the authentication timeout is not configurable.
