
VPN client keeps dropping after about 30 minutes

Level 1

There is an issue that cannot be solved.

The connection to the ASA5505 from the VPN client drops intermittently, like after 30 minutes.

I checked the following and added some to the existing configuration.

I added the following 2 to the DfltGrpPolicy:

vpn-session-timeout none

vpn-idle-timeout none

and added

crypto ipsec security-association lifetime 86400

I checked by using ASDM also.

The parameters of the DfltGrpPolicy

are as follows.

Configuration - GroupPolicy - DfltGrpPolicy - General(Tab) - Connection Settings

Access Hours: Unrestricted

Maximum Connect Time: Unlimited

Idle Timeout: Unlimited

Configuration - GroupPolicy - DfltGrpPolicy - Client Configuration(Tab) - Cisco Client Parameters(Tab)

IPSecUDPPort - Enabled

Configuration - GroupPolicy - DfltGrpPolicy - Hardware Client(Tab)

User Authentication Idle Timeout: Unlimited

There's another group-policy that inherits the above configuration.

I have checked the inherit field for the policy configuration.

I referred to many similar issue reports on websites.

However, I'm still far from the conclusion.

I'm at a loss as to what I should do next for this issue.

I would appreciate it if anybody could provide any possible resolution for this.

Yoshinori Mori

2 Replies

Anim Saxena
Level 1

Hi Yoshinori,

There can be many reasons for the problem. I am stating some scenarios.

If the problem persists then feel free to post the query.

If the connection is not established even once,

then try the following:

1. In this case, a Windows (inbuilt or 3rd party) firewall might be causing the issue. The solution is simple: add the VPN client program or port number to the exceptions list of the firewall. Depending upon your configuration, port numbers can be for ESP, AH, isakmp etc.

2. If you are using NAT/PAT in the configuration, check for the PROPER NAT translations.

If the connection is terminated after connecting at least once,

then it seems that something is changing your routing table after you connect. This is considered the sign of a trojan or backdoor. So, the VPN client is configured to detect this change and immediately shut the client down so that the remote network is not compromised by someone unauthorized. You will need to open a command prompt and do a 'route print' before you try the VPN client. Save that output to a text file. Then try the VPN client. Do a 'route print' right after you try to connect and see what is different. Then when you get the disconnect, do 'route print' again. Hopefully you can isolate what route is coming and going that is breaking the VPN client.

Another TRICKY issue is that when the computer goes into “Sleep” mode, your VPN connection is terminated. You must reconnect and re-enter your NetID and password.

Thanks and Regards

Anim Saxena

*Rate helpful post*
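
The three-snapshot 'route print' comparison described in the reply above, as an added example that is not part of the original thread: it parses the IPv4 "Active Routes" table from saved output and reports which routes appeared or disappeared between snapshots. The sample tables and addresses are constructed, and `parse_route_print`, `diff_routes` and `snapshot` are hypothetical names.

```python
import re

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_route_print(text):
    """IPv4 'Active Routes' as a set of (destination, netmask, gateway, interface).
    Metric is dropped: Windows recalculates it without the route itself changing."""
    routes, in_ipv4, in_active = set(), False, False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("IPv4 Route Table"):
            in_ipv4 = True
        elif s.startswith("IPv6 Route Table"):
            in_ipv4 = in_active = False
        elif in_ipv4 and s.startswith("Active Routes:"):
            in_active = True
        elif in_active and s.startswith("="):
            in_active = False          # ruler line closes the table
        elif in_active:
            f = s.split()
            if len(f) == 5 and IPV4.match(f[0]) and IPV4.match(f[1]):
                routes.add(tuple(f[:4]))
    return routes

def diff_routes(earlier, later):
    """Return (added, removed) routes between two saved snapshots."""
    a, b = parse_route_print(earlier), parse_route_print(later)
    return sorted(b - a), sorted(a - b)

def snapshot(rows):
    """Build constructed `route print` text around the given table rows."""
    head = "IPv4 Route Table\n" + "=" * 75 + "\nActive Routes:\n"
    head += "Network Destination        Netmask          Gateway       Interface  Metric\n"
    tail = "=" * 75 + "\nPersistent Routes:\n  None\n\nIPv6 Route Table\n"
    return head + "".join(r + "\n" for r in rows) + tail

# Constructed sample data (addresses are made up for illustration).
LAN = ["0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 25",
       "192.168.1.0 255.255.255.0 On-link 192.168.1.10 281"]
VPN = ["10.0.0.0 255.0.0.0 10.10.10.1 10.10.10.5 1"]
BEFORE, CONNECTED = snapshot(LAN), snapshot(LAN + VPN)
# At the drop: a second adapter has come up and added its own default route.
AT_DROP = snapshot(LAN + ["0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.20 35"])

if __name__ == "__main__":
    for label, old, new in [("after connect", BEFORE, CONNECTED),
                            ("at disconnect", CONNECTED, AT_DROP)]:
        added, removed = diff_routes(old, new)
        print(label, "added:", added, "removed:", removed)
```

With real data, read the three saved text files and pass their contents to `diff_routes` in place of the constructed snapshots.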


At this point, we need to gather logs from the client side and the ASA side:

debug crypto isakmp 190

debug crypto ipsec 190

Does it happen to all locations?

What message does the client pop-up?

Please let me know.