01-15-2003 10:47 AM - edited 02-21-2020 12:17 PM
I have a VPN3030 concentrator and VPN client 3.6.2.b, and they are connected through the Internet, but the Internet connectivity is unstable.
So I want the end user's application to continue without any interruption, even if it does not work while the Internet is unreachable. For example, if there is a problem with the Internet connectivity for 5 minutes, my end user should resume his/her application through the VPN tunnel when Internet connectivity is restored, without restarting the VPN client software. Our configuration follows.
VPN client 3.6.2.b(.pcf file)
---------------------------------
ForceKeepAlives=1
PeerTimeout=480
VPN concentrator,
----------------------
IKE keepalive=enabled.
IKE lifetime=86400
IPSec SA lifetime=28800
The VPN client established a connection to the concentrator, and I ran a continuous PING to verify the status. I removed the LAN cable from the laptop and connected it again 5 minutes later. The VPN client is still alive but cannot resume the PING. I must restart the VPN client. The log in the concentrator shows the connection was terminated by user request. I tried with IKE keepalive=disabled in the concentrator, but got the same result.
---------------------------
30559 01/15/2003 12:36:37.000 SEV=5 IKE/50 RPT=18727 64.231.118.149
Group [test_vpn_1] User [test_usr1]
Connection terminated for peer test_usr1 (Peer Terminate)
Remote Proxy x.x.x.x, Local Proxy x.x.x.x
30562 01/15/2003 12:36:37.010 SEV=5 IKE/50 RPT=18728 x.x.x.x
Group [test_vpn_1] User [test_usr1]
Connection terminated for peer test_usr1 (Peer Terminate)
Remote Proxy x.x.x.x, Local Proxy x.x.x.x
30565 01/15/2003 12:36:37.010 SEV=4 AUTH/28 RPT=13032 x.x.x.x
User [test_usr1] disconnected:
Duration: 0:23:43
Bytes xmt: 3968
Bytes rcv: 3968
Reason: User Requested
---------------------------
Please guide me on how to implement this requirement.
Thanks,
01-15-2003 12:06 PM
It sounds like all of the keys have been deleted for that tunnel on the client. Once the keys are deleted you will need to re-establish the tunnel to send secure data (restart the VPN client). Why are you removing the LAN cable from the laptop? Assuming that the laptop is at the remote site, removing the cable constitutes a user-requested termination on the concentrator. *Also enable the Log Viewer on the client to assist you (turn all log settings from low (default) to high).
But per your question:
One method is to force keepalives in the client profile (on the client computer).
Open up the Cisco folder (on the C drive, or wherever you installed the VPN client) and go into the Profiles folder.
You will see files with the names of the connections that you made.
They will have a .pcf extension.
Open these up with a text editor (NOTEPAD) and go down to the line that says
ForceKeepAlives=0
Change it to 1.
Keepalives on the concentrator are not really "keepalives" per se; it just enables DeadPeerDetection. The client and concentrator communicate every 5 secs to see if the connection is still alive. If it dies you will see a message like this:
621 01/15/2003 11:54:54.010 SEV=4 IKE/123 RPT=73
Group [group1] User [user]
IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
623 01/15/2003 11:54:54.020 SEV=4 AUTH/27 RPT=246
User [user] disconnected:
Duration: 1:17:16
Bytes xmt: 613576
Bytes rcv: 558560
Reason: User Requested
IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
In most cases this means something between the modem, line, ISP cloud to the concentrator went bad. This has been happening to me a lot lately.
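Both log excerpts in this thread end with "Reason: User Requested", so the AUTH record alone cannot tell a client-initiated teardown from a DPD timeout. As an added example (not part of the original posts), this sketch pairs each disconnect with the preceding IKE record for the same user; the sample log is constructed from the two excerpts above, and the function names and category labels are hypothetical.

```python
import re

# Constructed sample, following the format of the two excerpts in this thread.
SAMPLE_LOG = """\
30559 01/15/2003 12:36:37.000 SEV=5 IKE/50 RPT=18727 x.x.x.x
Group [test_vpn_1] User [test_usr1]
Connection terminated for peer test_usr1 (Peer Terminate)
30565 01/15/2003 12:36:37.010 SEV=4 AUTH/28 RPT=13032 x.x.x.x
User [test_usr1] disconnected:
Duration: 0:23:43
Reason: User Requested
621 01/15/2003 11:54:54.010 SEV=4 IKE/123 RPT=73
Group [group1] User [user]
IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
623 01/15/2003 11:54:54.020 SEV=4 AUTH/27 RPT=246
User [user] disconnected:
Duration: 1:17:16
Reason: User Requested
"""

# Record header: sequence, date, time, severity, class/number, repeat count, optional peer IP.
HEADER = re.compile(r"^(\d+) (\S+ \S+) SEV=(\d+) ([A-Z]+/\d+) RPT=(\d+)(?: (\S+))?$")
USER = re.compile(r"User \[([^\]]+)\]")

def parse_events(text):
    """Group continuation lines under the header line that precedes them."""
    events = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append({"time": m.group(2), "event": m.group(4), "body": []})
        elif events and line:
            events[-1]["body"].append(line)
    return events

def classify_disconnects(text):
    """Return (user, logged_reason, ike_cause) for every AUTH disconnect record."""
    last_ike, results = {}, []
    for ev in parse_events(text):
        body = " ".join(ev["body"])
        m = USER.search(body)
        if not m:
            continue
        user = m.group(1)
        if ev["event"].startswith("IKE/"):
            if "keepalive type: DPD" in body:
                last_ike[user] = "dpd_timeout"       # concentrator gave up on the peer
            elif "(Peer Terminate)" in body:
                last_ike[user] = "peer_terminate"    # client sent the delete
        elif ev["event"].startswith("AUTH/") and "disconnected:" in body:
            reason = next((b[8:] for b in ev["body"] if b.startswith("Reason: ")), "")
            results.append((user, reason, last_ike.pop(user, "unknown")))
    return results
```

Counting the `dpd_timeout` results per user over a day of logs shows which remote sites are dropping because of path problems rather than because the client tore the tunnel down.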
01-15-2003 01:21 PM
Thanks. My point is how to keep the VPN session even when there is a problem for a while with the Internet connectivity. The Internet could be unavailable for 1 min or 3 min for some reason. In that case, I want to just wait and continue the end user's application without restarting the VPN session.
I put my laptop on the remote site and established a VPN session to the concentrator. I issued a continuous PING to a server located inside of the concentrator and monitored the status while testing. I removed the RJ45 cable from my laptop for 30 seconds and connected it again. Then the PING continued without restarting the VPN session. It means the VPN session was not terminated. But if I remove the RJ45 cable from my laptop for 3 minutes, I cannot PING even after connecting the RJ45 cable again. It means the VPN session was terminated.
My question is how can I keep the VPN session longer (e.g., 5 minutes).