12-12-2011 02:49 AM - edited 02-21-2020 05:45 PM
Hi,
I have a Cisco Linux client which always breaks after 15:26 minutes. I am suspicious that the problem is in crypto ipsec transform-set.
This is the configuration:
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
Can I add more transform sets to test whether this is the problem?
Regards
12-12-2011 03:23 AM
The transform set has nothing to do with the timeout period. There is always a setting for the SA phase 1 and phase 2 lifetime.
If left on default, then phase 1 is going to be 24 hours and phase 2 is going to be 28000 seconds. There is another thing, called the idle/session timeout, whose default value is 30 minutes.
If everything is set to default, then I would suggest looking at the firewall logs. Also check the status of the other VPN clients to see if all are getting disconnected or just the one which is on Linux.
Enter the vpn-idle-timeout command in group-policy configuration mode or in username configuration mode in order to configure the user timeout period:
hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-idle-timeout none
Configure a maximum amount of time for VPN connections with the vpn-session-timeout command in group-policy configuration mode or in username configuration mode:
hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-session-timeout none
Thanks
Ajay
12-12-2011 03:42 AM
Yes, but I think that the configuration that you posted is for an ASA device.
I have a Cisco 1841 router with IOS 15.1 as the VPN server.
How must I configure it?
12-12-2011 03:59 AM
First of all, I would say run this command to check what is configured:
#show crypto isakmp policy
Changing the SA lifetime for phase 1: you need to add the lifetime command with a value at the end.
crypto isakmp policy 15
hash md5
authentication rsa-sig
group 2
lifetime 5000
Changing the SA lifetime for phase 2:
crypto ipsec security-association lifetime seconds
Thanks
Ajay
12-12-2011 04:33 AM
Cisco#show crypto isakmp policy
Global IKE policy
Protection suite of priority 1
encryption algorithm: Three key triple DES
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
PS: I use CentOS 5.7 and VPN client 4.8.
Is it possible that the problem is in the VPN client?
I have a CentOS server with a VPNC client which stays connected 24 hours.
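Added example, not part of any post in this thread: a Python script that parses the `show crypto isakmp policy` output pasted above and checks whether any timer mentioned in the replies expires near the reported 15:26 drop. The function names, the 30-second tolerance and the `THREAD_TIMERS` table are assumptions made for illustration; the timer values are the ones quoted in the replies and were not verified against the router.

```python
import re

# Router output as pasted in the thread.
SAMPLE = """\
Global IKE policy
Protection suite of priority 1
encryption algorithm: Three key triple DES
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
"""

# Timer values in seconds, as quoted in the thread's replies (assumption: unverified).
THREAD_TIMERS = {"phase 2 lifetime": 28000, "idle timeout": 30 * 60}

def parse_isakmp_policies(text):
    """Return one dict per 'Protection suite' block in the command output."""
    policies, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Protection suite of priority (\d+)", line)
        if m:
            current = {"priority": int(m.group(1))}
            policies.append(current)
        elif current is not None and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            current[key] = value
            if key == "lifetime":
                secs = re.match(r"(\d+) seconds", value)
                current["lifetime_seconds"] = int(secs.group(1)) if secs else None
    return policies

def mmss_to_seconds(mmss):
    minutes, seconds = mmss.split(":")
    return int(minutes) * 60 + int(seconds)

def explain_drop(drop_mmss, policy_text, extra_timers=THREAD_TIMERS, tolerance=30):
    """Names of timers whose value lies within `tolerance` seconds of the drop."""
    timers = dict(extra_timers)
    for p in parse_isakmp_policies(policy_text):
        timers[f"phase 1 lifetime (priority {p['priority']})"] = p.get("lifetime_seconds")
    drop = mmss_to_seconds(drop_mmss)
    return sorted(n for n, s in timers.items()
                  if s is not None and abs(s - drop) <= tolerance)

if __name__ == "__main__":
    print(explain_drop("15:26", SAMPLE) or "no listed timer expires near the drop")
```

An empty result means none of the listed timers lines up with the observed disconnect time, so the cause has to be looked for elsewhere, for example in the router and client logs.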