Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2956
Views
0
Helpful
1
Replies

Users successfully establish a VPN connection, but the connection periodically drops

eramos
Level 1
Level 1

‎12-12-2012 08:43 AM

Hi everyone

We have the following scenario:

  • Office (192.168.181.x)
  • Home workers (192.168.183.x)

Connections:

  • Home to Office is routed through a Client to Site IPSec VPN.

Users successfully establish a VPN connection, but the connection periodically drops with ASA, do you know what is the problem .

or how can i fix it .

crypto isakmp identity address

crypto isakmp enable QL

crypto isakmp enable management

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

no crypto isakmp nat-traversal

telnet 0.0.0.0 0.0.0.0 Inside183

telnet 10.4.1.0 255.255.255.0 management

telnet timeout 60

ssh 0.0.0.0 0.0.0.0 Inside183

ssh 189.203.27.61 255.255.255.255 QL

ssh timeout 5

console timeout 0

management-access Inside183

dhcpd address 10.4.1.2-10.4.1.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ssl trust-point ASDM_TrustPoint1 OUTSITE

ssl trust-point ASDM_TrustPoint1 QL

webvpn

enable QL

svc enable

tunnel-group-list enable

smart-tunnel list asavpn 01 outlook.exe platform windows

smart-tunnel auto-signon appserver use-domain host rexchmx

group-policy Test internal

group-policy Test attributes

wins-server value 192.168.180.10 192.168.160.10

dns-server value 192.168.180.10 192.168.160.10

vpn-tunnel-protocol l2tp-ipsec

default-domain value berry.net

group-policy DfltGrpPolicy attributes

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

group-policy asavpn internal

group-policy asavpn attributes

wins-server value 192.168.180.10

dns-server value 192.168.180.10

vpn-tunnel-protocol svc webvpn

split-tunnel-policy excludespecified

split-tunnel-network-list value outside_access_in

webvpn

url-list value RjocoFiles

svc ask none default webvpn

customization value DfltCustomization

smart-tunnel auto-signon enable appserver domain berry.net

group-policy BERRYVPN internal

group-policy BERRYVPN attributes

wins-server value 192.168.180.10 192.168.140.10

dns-server value 192.168.180.10 192.168.140.10

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel

default-domain value berry.net

tunnel-group 206.104.22.2 type ipsec-l2l

tunnel-group 206.104.22.2 ipsec-attributes

pre-shared-key **

tunnel-group asa-joco type remote-access

tunnel-group asa-joco general-attributes

address-pool test

authentication-server-group AD-Radius

authentication-server-group (Inside) AD-Radius

authorization-server-group AD-Radius

authorization-server-group (Inside) AD-Radius

accounting-server-group AD-Radius

default-group-policy asavpn

crypto isakmp identity address

crypto isakmp enable QL

crypto isakmp enable management

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

no crypto isakmp nat-traversal

telnet 0.0.0.0 0.0.0.0 Inside183

telnet 10.4.1.0 255.255.255.0 management

telnet timeout 60

ssh 0.0.0.0 0.0.0.0 Inside183

ssh 189.203.27.61 255.255.255.255 QL

ssh timeout 5

console timeout 0

management-access Inside183

dhcpd address 10.4.1.2-10.4.1.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ssl trust-point ASDM_TrustPoint1 OUTSITE

ssl trust-point ASDM_TrustPoint1 QL

webvpn

enable QL

svc enable

tunnel-group-list enable

smart-tunnel list asavpn 01 outlook.exe platform windows

smart-tunnel auto-signon appserver use-domain host rexchmx

group-policy Test internal

group-policy Test attributes

wins-server value 192.168.180.10 192.168.160.10

dns-server value 192.168.180.10 192.168.160.10

vpn-tunnel-protocol l2tp-ipsec

default-domain value berry.net

group-policy DfltGrpPolicy attributes

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

group-policy asavpn internal

group-policy asavpn attributes

wins-server value 192.168.180.10

dns-server value 192.168.180.10

vpn-tunnel-protocol svc webvpn

split-tunnel-policy excludespecified

split-tunnel-network-list value outside_access_in

webvpn

url-list value RjocoFiles

svc ask none default webvpn

customization value DfltCustomization

smart-tunnel auto-signon enable appserver domain berry.net

group-policy BERRYVPN internal

group-policy BERRYVPN attributes

wins-server value 192.168.180.10 192.168.140.10

dns-server value 192.168.180.10 192.168.140.10

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel

default-domain value berry.net

tunnel-group 206.104.22.2 type ipsec-l2l

tunnel-group 206.104.22.2 ipsec-attributes

pre-shared-key **

tunnel-group asa-joco type remote-access

tunnel-group asa-joco general-attributes

address-pool test

authentication-server-group AD-Radius

authentication-server-group (Inside) AD-Radius

authorization-server-group AD-Radius

authorization-server-group (Inside) AD-Radius

accounting-server-group AD-Radius

default-group-policy asavpn

Labels:
0 Helpful
1 Reply 1

eramos
Level 1
Level 1

‎12-12-2012 03:49 PM

I find it the solution

This has to happen on the remote computer. The PCF file can be edited by first opening Notepad. Once notepad is open, under File Types, select "All Files". Then navigate to C:\Program Files\Cisco Systems\VPN client\Profiles. In our situation, the only PCF file that contained line I was looking for was in the SW VPN General.pcf file.

The line you're looking for is titeled ForceKeepAlives. By default, it's set to "0". You want to change that to "1

or

add the line ForceKeepAlives=1

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents