09-06-2012 10:59 PM
There is an issue that cannot be solved.
The connection to the ASA5505 from the VPN client drops intermittently, like after 30 minutes.
I checked the following and added some to the existing configuration.
I added the following 2 to the DfltGrpPolicy
vpn-session-timeout none
vpn-idle-timeout none
and added
crypto ipsec security-association lifetime 86400
I checked by using ASDM also.
The parameters of the DfltGrpPolicy
are as follows.
Configuration - GroupPolicy - DfltGrpPolicy - General(Tab) - Connection Settings
Access Hours: Unrestricted
Maximum Connect Time: Unlimited
Idle Timeout: Unlimited
Configuration - GroupPolicy - DfltGrpPolicy - Client Configuration(Tab) - Cisco Client Parameters(Tab)
IPSecUDPPort - Enabled
Configuration - GroupPolicy - DfltGrpPolicy - Hardware Client(Tab)
User Authentication Idle Timeout: Unlimited
There's another group-policy that inherits the above configuration.
I have checked the inherit field for the policy configuration.
I referred to many similar issue reports on websites.
However, I'm still far from the conclusion.
I'm at a loss as to what I should do next for this issue.
I would appreciate it if anybody could provide any possible resolution for this.
Yoshinori Mori
09-20-2012 08:50 PM
Hi Yoshinori,
There can be many reasons for the problem. I am stating some scenarios.
If the problem persists then feel free to post the query.
If the connection is not established even once,
then try the following:
1. In this case, the Windows (inbuilt or 3rd party) firewall might be causing the issue. The solution is simple: add that VPN client program or port number to the exceptions list of the firewall. Depending upon your configuration, port numbers can be for ESP, AH, isakmp etc.
2. If you are using NAT/PAT in the configuration, check for the PROPER nat translations.
If the connection is terminated after connecting at least once,
then it seems that something is changing your routing table after you connect. This is considered the sign of a trojan or backdoor. So, the VPN client is configured to detect this change and immediately shut the client down so that the remote network is not compromised by someone unauthorized. You will need to open a command prompt and do a 'route print' before you try the VPN client. Save that output to a text file. Then try the VPN client. Do a 'route print' right after you try to connect and see what is different. Then when you get the disconnect, do 'route print' again. Hopefully you can isolate what route is coming and going that is breaking the VPN client.
Another TRICKY issue is that when the computer goes into “Sleep” mode,
your VPN connection is terminated. You must reconnect and re-enter your NetID and password.
Thanks and Regards
Anim Saxena
*Rate helpful post*
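The 'route print' comparison suggested in the reply above can be scripted; the following is an added example, not part of the original post or of any Cisco tool. It parses the IPv4 "Active Routes" table from saved `route print` output and reports routes that were added, removed, or had their metric changed between snapshots. The function names and the sample snapshots (all addresses) are constructed for illustration.

```python
def parse_routes(text):
    """Return {(destination, netmask, gateway, interface): metric} for IPv4 active routes."""
    routes, in_v4, in_active = {}, False, False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("IPv4 Route Table"):
            in_v4 = True
        elif s.startswith("IPv6 Route Table"):
            in_v4 = in_active = False
        elif in_v4 and s.startswith("Active Routes"):
            in_active = True
        elif in_active and s.startswith("="):
            in_active = False                      # separator line ends the table
        elif in_active:
            f = s.split()
            if len(f) == 5 and f[0][0].isdigit():  # skips the column header row
                routes[tuple(f[:4])] = f[4]
    return routes

def diff_routes(before, after):
    """Return (added, removed, metric_changed) between two parsed snapshots."""
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    changed = sorted((k, before[k], after[k]) for k in before
                     if k in after and before[k] != after[k])
    return added, removed, changed

# Constructed sample snapshots (not real captures). For real data, save each
# `route print` to a text file and pass open("before.txt").read() instead.
SEP = "=" * 75
HEAD = f"IPv4 Route Table\n{SEP}\nActive Routes:\nNetwork Destination  Netmask  Gateway  Interface  Metric\n"
TAIL = f"{SEP}\nPersistent Routes:\n  None\n"

def snapshot(*rows):
    return HEAD + "".join(f"  {r}\n" for r in rows) + TAIL

DEFAULT = "0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 25"
LAN = "192.168.1.0 255.255.255.0 On-link 192.168.1.10 281"
VPN = "10.10.0.0 255.255.0.0 10.10.0.1 10.10.0.50 1"
BEFORE = snapshot(DEFAULT, LAN)
CONNECTED = snapshot(DEFAULT, LAN, VPN)
AT_DROP = snapshot("0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 10", LAN)

if __name__ == "__main__":
    snaps = [("before", BEFORE), ("connected", CONNECTED), ("at drop", AT_DROP)]
    for (n1, t1), (n2, t2) in zip(snaps, snaps[1:]):
        added, removed, changed = diff_routes(parse_routes(t1), parse_routes(t2))
        print(f"{n1} -> {n2}: added={added} removed={removed} metric_changed={changed}")
```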
09-21-2012 06:12 AM
Hi,
At this point, we need to gather logs from the client side and the ASA side:
debug crypto isakmp 190
debug crypto ipsec 190
Does it happen to all locations?
What message does the client pop up?
Please let me know.
Thanks.
Portu.