cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1502
Views
0
Helpful
1
Replies

remote VPN client disconnects every hour

JOHN VOLTER
Level 1
Level 1

hello,

I have a Cisco router that works as a VPN server. a remote user uses Cisco VPN client 5.0.05.0290 to connect to the office resources.

Every one hour (or a few minutes less than one hour) after a connections is established, a message pops up on a user's laptop asking to re-authenticate. If you caught the mesage right away and entered same username and password that was used to establish the connection - the connections stays, but if you missed it by a minute or so - there is no indication that username/password is wrong, and it seems that the connection is still working fine, but in a few seconds a disconnect error message pops up:

"Secure VPN Connection terminated locally by the Client"

I am also attaching some debug info from the Client side...(asked for password at 14:44 and typed password 14:54 in the log)

my questions are:

1) How to make VPN client continue the connection without prompting a user to re-authenticate.

2) What's causing the router or the client to ask a user to type username/password again?

here is the config(keep in mind that I use the same crypto map for site2site vpn tunnel as well):

aaa authentication login userauthen local

aaa authorization network groupauthor local

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

lifetime 3600

crypto isakmp key ******* address x.x.x.x no-xauth

crypto isakmp client configuration address-pool local vpn-users

crypto isakmp client configuration group group-name

key *****************

wins x.x.x.x

pool vpn-users

acl split-tunnel

crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac

crypto dynamic-map any-dyn 10

set transform-set 3des-md5

crypto map dc client authentication list userauthen

crypto map dc isakmp authorization list groupauthor

crypto map dc client configuration address respond

crypto map dc 2 ipsec-isakmp

set peer x.x.x.x

set transform-set 3des-md5

match address dc-vpn

crypto map dc 10 ipsec-isakmp dynamic any-dyn

ip local pool vpn-users 192.168.254.1 192.168.254.100

Thank you for helping me figure this one out.

1 Reply 1

JOHN VOLTER
Level 1
Level 1

here is the attached log file...