Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5683
Views
0
Helpful
2
Replies

Remote Access VPN Client disconnects after 1 hour

tseymour
Level 1
Level 1

‎01-20-2010 08:55 AM - edited ‎02-21-2020 04:27 PM

Cisco VPN Client disconnects from ASA 5500 every hour with the error 'Secure VPN Connection Terminated by Peer. Reason 433: (Reason Not Specified By Peer).  Running the command 'sh vpn-sessiondb detail remote' shows an IPSec time out of 60 minutes, and the connection time out left corresponds with the disconnect time.

IPSecOverNatT:
  Session ID   : 2
  Local Addr   : 0.0.0.0/0.0.0.0/0/0
  Remote Addr  : XXX.XXX.XXX.XXX/255.255.255.255/0/0
  Encryption   : AES256                 Hashing      : SHA1
  Encapsulation: Tunnel
  Rekey Int (T): 28800 Seconds          Rekey Left(T): 25817 Seconds
  Conn Time Out: 60 Minutes             Conn TO Left : 10 Minutes
  Bytes Tx     : 6079                   Bytes Rx     : 76993
  Pkts Tx      : 33                     Pkts Rx      : 782

The error log from the ASA shows the following:

Jan 20 2010 08:55:54: %ASA-5-713050: Group = MecV, Username = simons, IP
= XX.XXX.X.XXX, Connection terminated for peer simons.  Reason: IPSec SA Max t
ime exceeded  Remote Proxy XXX.XX.XXX.XXX, Local Proxy 0.0.0.0
Jan 20 2010 08:55:54: %ASA-4-113019: Group = MecV, Username = domain\simons
, IP = XX.XXX.X.XXX, Session disconnected. Session Type: IPSecOverNatT, Durat
ion: 1h:00m:02s, Bytes xmt: 4592002, Bytes rcv: 36523769, Reason: Max time excee
ded

How do I change the timeout for this so the client remains connect until the idle timeout is exceeded.  For now, the Group Policy MecV has been reset with unlimited idle and connection times.

Labels:
0 Helpful
2 Replies 2

snandigam
Level 1
Level 1

‎01-20-2010 12:01 PM

In ASDM, under Group Policy - Choose your Group Policy - General - More Options - There is Max Connect Time and Idle time out settings.

0 Helpful

tseymour
Level 1
Level 1
In response to snandigam

‎01-20-2010 12:18 PM

I have already set Maximun Connect Time: and Idle Timeout: to Unlimited in Group Policy.  This had no effect.  The disconnect is caused by the Connection Time Out setting when looking looking at the vpn-sessiondb details of the remote clients.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents