12-10-2009 05:26 AM
Hello,
I recognized a problem what occurs only with Windows Vista and Windows 7 (not important if 32bit / 64bit). The Clients connects using
L2TP to the ASA 5520 Version 8.05. The VPN tunnels comes up. So far no problem. After exactly 6 hours the session disconnects even if the user is working, whereas the Internet connection is definitely not the problem.
We could reproduce the effect with diferent Windows7 - computers.
At the ASA the connection timeout for VPN sessions is set to unlimited, the ipsec SA is set to 3600, Maximum connect time: unlimited,
Idle timeout: unlimited.
Does anybody know about that problem? How can it be solved?
It looks that sowmthing with the rekeying isgoing wrong
Nov 27 15:05:49 nderr231.de.festo.net Nov 27 2009 15:05:47 NDERR231 : %ASA-5-713120: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, PHASE 2 COMPLETED (msgid=22d12f94)
Nov 27 15:56:47 nderr231.de.festo.net Nov 27 2009 15:56:47 NDERR231 : %ASA-5-713041: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, IKE Initiator: Rekeying Phase 2, Intf outside, IKE Peer 217.228.150.247 local Proxy Address
141.130.50.231, remote Proxy Address 217.228.150.247, Crypto map (outside_dyn_map0)
Nov 27 15:56:47 nderr231.de.festo.net Nov 27 2009 15:56:47 NDERR231 : %ASA-5-713049: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Security negotiation complete for User (xxx) Responder, Inbound SPI = 0x4010dab1, Outbound S
PI = 0x504cd333
Nov 27 15:56:47 nderr231.de.festo.net Nov 27 2009 15:56:47 NDERR231 : %ASA-5-713120: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, PHASE 2 COMPLETED (msgid=84239f47)
Nov 27 15:59:47 nderr231.de.festo.net Nov 27 2009 15:59:47 NDERR231 : %ASA-5-713041: Username = xxx, IP = 217.228.150.247, IKE Initiator: Rekeying Phase 1, Intf outside, IKE Peer 217.228.150.247 local Proxy Address N/A, remote Proxy Ad
dress N/A, Crypto map (N/A)
Nov 27 15:59:47 nderr231.de.festo.net Nov 27 2009 15:59:47 NDERR231 : %ASA-5-713119: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, PHASE 1 COMPLETED
Nov 27 15:59:47 nderr231.de.festo.net Nov 27 2009 15:59:47 NDERR231 : %ASA-5-713041: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, IKE Initiator: Rekeying Phase 2, Intf outside, IKE Peer 217.228.150.247 local Proxy Address
141.130.50.231, remote Proxy Address 217.228.150.247, Crypto map (outside_dyn_map0)
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-5-713049: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Security negotiation complete for User (xxx) Initiator, Inbound SPI = 0x726c5fd4, Outbound S
PI = 0xd8a5e48a
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-5-713120: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, PHASE 2 COMPLETED (msgid=cc008b97)
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-5-713050: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Connection terminated for peer xxx. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-5-713259: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Session is being torn down. Reason: L2TP initiated
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-4-113019: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Session disconnected. Session Type: L2TPOverIPsecOverNatT, Duration: 6h:00m:01s, Bytes xmt: 3
060852, Bytes rcv: 3231213, Reason: L2TP initiated
Thank you in advance for Help
Gerhard
12-10-2009 04:08 PM
It's probably just a keep-alive or time out issue... can you post your config (making sure to replace any public IP's and password strings).
06-04-2014 10:44 PM
Hello Gerhard,
Did you figure out what this issue was?
Regards,
Anand
06-05-2014 12:08 AM
If I remember correctly the colleagues from the Client Services were in contact with Microsoft support.
The Problem only appeared when the VPN-Profiles for the clients were created by an autemated procedure.
But I don't know the real solution of the problem..
Best Regards
Gerhard
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide