Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
4
Replies

VPN 3000 disconnects posts

charles.manley
Level 1
Level 1

‎01-07-2003 09:48 AM - edited ‎02-21-2020 12:16 PM

I've noticed a number of posts in regard to random disconnects as well as times when one can make a connection, but not pass any data through the tunnel.. Well after months of work with the TAC we found this CSCdx03837. We are running 3.6.3 on the concentrator and 3.5.1c on the client. The release notes for 3.6.3 say nothing about CSCdx03837, but if you step back to the 3.5.4 release notes for the concentrator its there... Anyway, thought I might share this and hopefully resolve anyone having this same issue and not having their secret cisco bug identifier search ring on.

Labels:
0 Helpful
4 Replies 4

e.l
Level 1
Level 1

‎01-09-2003 05:28 AM

Thanks for sharing. So, does it mean that v3.6.3 still has this bug ?

Regards

0 Helpful

charles.manley
Level 1
Level 1
In response to e.l

‎01-09-2003 06:57 AM

The bug is cleared up in 3.6.3 of the client and concentrator. Just make sure both are at 3.6.3 and it shouldn't be a problem.

0 Helpful

elijah.savage
Level 1
Level 1
In response to charles.manley

‎01-23-2003 12:35 PM

This Bug looks like it is in reference to a concentrator behind a PIX firewall. I am not behind a pix firewall and still see the same issues.

0 Helpful

charles.manley
Level 1
Level 1
In response to elijah.savage

‎01-23-2003 12:47 PM

I believe the reference is to the client being behind a PIX not necessarily the concentrator.

Also, when I've run into these issues I try to use TCP over IPSec. If that’s a problem try using IPSec over UDP and if that still isn't working you can always try it without transparent tunneling.

On occasion I will see users who get dropped over a dialup connection as well. The dialup stays connected, but the tunnel drops. In those instances its usually been a problem with latency that clears up later on or the next day. You can mess with the peer timeout value within the dialer and/or the forcekeepalives=1 option within the .pcf file.

Also consider this:

When using the VPN Client behind an ESP-aware NAT/Firewall, the port on the NAT/Firewall device may be closed due to the VPN Client's keepalive implementation, called DPD (Dead Peer Detection). When a client is idle, it does not send a keepalive until it sends data and gets no response.

To allow the VPN Client to work through ESP-aware NAT/Firewalls, add the ForceKeepAlives parameter to the *.pcf (profile configuration file) for the affected connection profile. This parameter enables IKE and ESP keepalives for the connection at approximately 20 second intervals.

Use the following syntax when adding this parameter to the [Main] section of any *.pcf file:

ForceKeepAlives=1

For more information, see "Connection Profile Configuration Parameters" in the VPN Client Administrator Guide.

Hope this helps..

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents