site-to-site VPN problem

Branimir Turk
Level 1

Hi, I am trying to deploy a site-to-site VPN from a remote site to a central location. It seems that after some period of inactivity users experience some kind of connection timeout. (Users send some heavy processing query to the SQL server, and after, for example, 10 minutes of processing they lose the connection. Other "non timed out users" work fine at that time.) When that happens the VPN is still up, and the timed-out users can connect to the server again.

Here is the part of the configuration related to the VPN:

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key xxxx address xxx.xxx.xxx.xxx
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10 periodic
crypto isakmp nat keepalive 5
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
!
crypto map vpn-crosig 100 ipsec-isakmp
 set peer 213.x.x.148
 set transform-set strong
 match address vpn-crosig
 reverse-route remote-peer
!
!
!
!
interface FastEthernet0
 description >>Prema VM mrezi<<
 ip address xxx.xxx.xxx.xxx 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 priority-group 1
 no cdp enable
 crypto map vpn-crosig
!
 tion hdlc
 shutdown
!
interface FastEthernet2
 switchport access vlan 100
 no cdp enable
!
interface Vlan100
 description >>Prema LAN<<
 ip address 192.168.0.1 255.255.255.0
 ip access-group 154 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1400
 no snmp trap link-status
 priority-group 1
!
!
ip default-gateway 80.x.x.209
ip route 0.0.0.0 0.0.0.0 80.253.173.209
!
ip nat pool vpn 172.30.144.82 172.30.144.94 prefix-length 28
ip nat inside source route-map internet interface FastEthernet0 overload
ip nat inside source route-map vpn pool vpn
ip access-list extended internet
 deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended vpn
 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
ip access-list extended vpn-crosig
 permit ip 172.30.144.80 0.0.0.15 10.0.0.0 0.255.255.255

At the central site I am using a VPN 3000 series concentrator, and the clients are trying to connect to 10.0.0.0/8 at the central site.

2 Replies

gmarogi
Level 5

I don't think the problem is with the VPN concentrator. The problem could be the remote server timing out the connection. The following link may help you:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_user_guide_chapter09186a0080656460.html

Thanks for the suggestion, but the connection is up all the time?
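
The symptom in this thread (individual sessions dying after a quiet period while the tunnel itself stays up) can be measured by timing how long an idle TCP session survives end to end. The following is an added example, not code from any poster in the thread; it assumes an echo service you control at the far side of the tunnel, and the function names and the built-in idle-dropping server are constructed for illustration.

```python
import socket
import socketserver
import threading
import time


def survives_idle(host, port, idle_s, reply_timeout=5.0):
    """Open a TCP session, prove it works, stay silent for idle_s, test it again."""
    try:
        with socket.create_connection((host, port), timeout=reply_timeout) as s:
            s.sendall(b"a")
            if s.recv(1) != b"a":
                return False
            time.sleep(idle_s)            # no application traffic, like a long query
            s.sendall(b"b")
            return s.recv(1) == b"b"      # b"" means the peer closed the session
    except OSError:                       # reset, broken pipe, or reply timeout
        return False


def first_failing_idle(host, port, idle_steps):
    """Return the shortest idle period in idle_steps that kills a session, else None."""
    for idle_s in sorted(idle_steps):
        if not survives_idle(host, port, idle_s):
            return idle_s
    return None


class _IdleDropEcho(socketserver.BaseRequestHandler):
    """Constructed stand-in for the far end: echoes, drops sessions idle too long."""
    def handle(self):
        self.request.settimeout(0.25)     # constructed idle cutoff, in seconds
        try:
            while (data := self.request.recv(64)):
                self.request.sendall(data)
        except OSError:
            pass                          # cutoff reached: the session is closed


def start_demo_server():
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _IdleDropEcho)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_demo_server()
    print(first_failing_idle("127.0.0.1", srv.server_address[1], [0.02, 0.05, 0.6]))
```

Against a real echo service, use idle steps in the range of the reported failures (for example 60, 300 and 600 seconds). Running the same steps from a host on the server's own LAN and from the remote site shows whether the idle limit is on the path or on the server.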