
VPN 3.6 and Netgear ProSafe VPN Firewall Model FVS318 with multiple users

mapoitras
Level 1

We are having problems with the Cisco VPN 3.6 when we have many users using the VPN at the same time. Users get disconnects every 5 minutes or so. I suspect it has something to do with NAT translation, but I'm unsure how to set up the .pcf file to accommodate this. It seems to work fine when we have only one or two machines.

Most users' machines are Windows XP; however, we do have one user with Windows 2000 who is having the same problems.

On most people's machines, they are running PC-cillin, but the personal firewall has been turned off. However, I am also experiencing the same problem on my laptop, which has McAfee installed, and again, I don't believe the personal firewall is enabled.

Our connection is high-speed DSL. We have a Netgear router-hub FVS318, which is our firewall as well. There is also a Cisco switch 2950 connected to it.

Here is some information from the VPN log files:

11:04 is when the VPN connection is established. The second set of log entries, starting around 11:23, is when it got disconnected.

1 11:04:54.203 12/16/02 Sev=Warning/2 IKE/0xA3000062

Attempted incoming connection from 206.191.36.218. Inbound connections are not allowed.

2 11:04:54.203 12/16/02 Sev=Warning/2 IKE/0xA3000062

Attempted incoming connection from 206.191.36.218. Inbound connections are not allowed.

3 11:04:55.203 12/16/02 Sev=Warning/2 IKE/0xA3000062

Attempted incoming connection from 206.191.36.218. Inbound connections are not allowed.

4 11:05:31.671 12/16/02 Sev=Warning/3 IKE/0xA3000053

Malformed or unrecognized INVALID SPI notify, ignoring.

5 11:23:15.609 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

6 11:23:21.640 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

7 11:23:27.984 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

8 11:23:40.843 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

9 11:23:49.859 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

10 11:24:01.906 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

11 11:24:10.984 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

12 11:24:23.000 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

13 11:24:31.968 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

14 11:24:52.984 12/16/02 Sev=Warning/3 IKE/0xA3000029

No keys are available to decrypt the received ISAKMP payload

=======================================================

I turned on all the logging for the VPN (from LOW to HIGH), and managed to capture a disconnect. It has about 150 entries (I saved it as a .txt file). Can I e-mail this to somebody?

I have also copied the last few statements below:

152 12:43:27.468 12/16/02 Sev=Info/4 IKE/0x63000057

Received an ISAKMP message for a non-active SA

153 12:43:30.883 12/16/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:HEARTBEAT) to 206.191.36.218

154 12:43:30.883 12/16/02 Sev=Info/6 IKE/0x63000052

Sent a ping on the IKE SA

155 12:43:31.884 12/16/02 Sev=Info/5 IKE/0x63000018

Deleting IPsec SA: (OUTBOUND SPI = 9F495176 INBOUND SPI = D6095DD0)

156 12:43:31.884 12/16/02 Sev=Info/5 IKE/0x63000018

Deleting IPsec SA: (OUTBOUND SPI = 182E4040 INBOUND SPI = C897E903)

157 12:43:31.884 12/16/02 Sev=Info/5 IKE/0x63000017

Marking IKE SA for deletion (COOKIES = 936083F66F01D3BA 1F6111EAC660456B) reason = DEL_REASON_DONT_NOTIFY_CM

158 12:43:31.884 12/16/02 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 206.191.36.218

159 12:43:31.884 12/16/02 Sev=Info/4 CM/0x63100013

Phase 1 SA deleted cause by DEL_REASON_PEER_NOT_RESPONDING. 0 Phase 1 SA currently in the system

160 12:43:31.894 12/16/02 Sev=Info/5 CM/0x63100029

Initializing CVPNDrv

161 12:43:31.894 12/16/02 Sev=Info/6 CM/0x63100035

Tunnel to headend device 206.191.36.218 disconnected: duration: 0 days 0:4:2

162 12:43:31.924 12/16/02 Sev=Info/4 IPSEC/0x63700013

Delete internal key with SPI=0xd05d09d6

163 12:43:31.924 12/16/02 Sev=Info/4 IPSEC/0x6370000C

Key deleted by SPI 0xd05d09d6

164 12:43:31.924 12/16/02 Sev=Info/4 IPSEC/0x63700013

Delete internal key with SPI=0x7651499f

165 12:43:31.934 12/16/02 Sev=Info/4 IPSEC/0x6370000C

Key deleted by SPI 0x7651499f

166 12:43:31.934 12/16/02 Sev=Info/4 IPSEC/0x63700013

Delete internal key with SPI=0x03e997c8

167 12:43:31.934 12/16/02 Sev=Info/4 IPSEC/0x6370000C

Key deleted by SPI 0x03e997c8

168 12:43:31.934 12/16/02 Sev=Info/4 IPSEC/0x63700013

Delete internal key with SPI=0x40402e18

169 12:43:31.934 12/16/02 Sev=Info/4 IPSEC/0x6370000C

Key deleted by SPI 0x40402e18

170 12:43:31.934 12/16/02 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

171 12:43:31.934 12/16/02 Sev=Info/6 IPSEC/0x6370002B

Sent 297 packets, 0 were fragmented.

172 12:43:32.885 12/16/02 Sev=Info/6 DIALER/0x63300008

MAPI32 Information - Outlook not default mail client

173 12:43:33.837 12/16/02 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = 206.191.36.218

174 12:43:33.837 12/16/02 Sev=Warning/2 IKE/0xA3000062

Attempted incoming connection from 206.191.36.218. Inbound connections are not allowed.

===================================================

That's about all I know. Let me know if there is any more information I can provide you to help us figure this out. Thanks

MA

If you post a reply, can you also email at

marc.andre.poitras@ams.com

and

rob.giesen@ams.com

thanks

MA
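An added example, not part of the original post: a small Python parser for the client log layout shown in the excerpts above (a numbered header line followed by the message text). It counts warnings per message ID and extracts the disconnect reason and tunnel lifetime. The function names and the `SAMPLE` string are assumptions for illustration; the sample lines are copied from the post with the blank lines removed.

```python
import re
from collections import Counter
from datetime import datetime

# Sample entries copied from the post's excerpts; blank lines between a header
# and its message (as in the post) are skipped by the parser.
SAMPLE = """\
5 11:23:15.609 12/16/02 Sev=Warning/3 IKE/0xA3000029
No keys are available to decrypt the received ISAKMP payload
6 11:23:21.640 12/16/02 Sev=Warning/3 IKE/0xA3000029
No keys are available to decrypt the received ISAKMP payload
159 12:43:31.884 12/16/02 Sev=Info/4 CM/0x63100013
Phase 1 SA deleted cause by DEL_REASON_PEER_NOT_RESPONDING. 0 Phase 1 SA currently in the system
161 12:43:31.894 12/16/02 Sev=Info/6 CM/0x63100035
Tunnel to headend device 206.191.36.218 disconnected: duration: 0 days 0:4:2
"""

# Header layout: <n> <HH:MM:SS.mmm> <MM/DD/YY> Sev=<name>/<level> <component>/<hex id>
HEADER = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+(\d\d/\d\d/\d\d)"
                    r"\s+Sev=(\w+)/(\d+)\s+(\w+)/(0x[0-9A-Fa-f]+)$")

def parse_log(text):
    """Return one dict per entry; the message is the text after its header line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            num, clock, date, sev, level, comp, code = m.groups()
            when = datetime.strptime(f"{date} {clock}", "%m/%d/%y %H:%M:%S.%f")
            entries.append({"n": int(num), "time": when, "sev": sev,
                            "level": int(level), "id": f"{comp}/{code}", "msg": ""})
        elif line and entries:
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def summarize(entries):
    """Count warnings per message ID; collect delete reasons and tunnel lifetimes."""
    warnings = Counter(e["id"] for e in entries if e["sev"] == "Warning")
    reasons, lifetimes = [], []
    for e in entries:
        reasons += re.findall(r"DEL_REASON_\w+", e["msg"])
        d = re.search(r"disconnected: duration: (\d+) days (\d+):(\d+):(\d+)", e["msg"])
        if d:
            days, hours, minutes, seconds = map(int, d.groups())
            lifetimes.append(((days * 24 + hours) * 60 + minutes) * 60 + seconds)
    return {"warnings": dict(warnings), "reasons": reasons, "lifetimes_s": lifetimes}
```

Running `summarize(parse_log(...))` over the full saved log from each affected machine gives tunnel lifetimes and warning counts that can be compared across clients behind the same NAT device.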

1 Reply

j-block
Level 4

You did say that you are using a firewall. That might be causing the problem. Take a look at Bug CSCdy12854 (Stateful FW enabled, IKE packets blocked and causing user disconnect).