Re: VPN Connection comes down after roughly 8 Minutes inactivity

richard.werner · ‎12-01-2004

Hi all,

One of our customers uses Cisco VPN Clients for Windows to connect to a Cisco Pix 500.

The clients are behind a Linux NAT firewall.

The Problem we have here, is not that the VPN connection isn't working but it's coming down after (moraless) exactly 8 minutes of inactivity. It does stay up if the connection is busy and it also stays up, if the connection is made without a NAT device.

I already checked the logfiles on the NAT firewall, there is no sign of any packets being dropped after that period of time. Also, I tried sniffing traffic on the client side of the connection, there are no additional (since the connection itself is idle) packets being dropped.

What I'd need to know here is, how Cisco VPN does work and what could be the reason for this "tunnel timeout", which only takes place behind that NAT gateway.

Are there any special IP protocols (like GRE or SWIPE) involved?

Thank you very much for your support!

Richard

ehirsel · ‎12-01-2004

Enable logging on the cisco vpn client, and set the log level to 3 for IKE, connection manager, and the daemon. Then have a client behind the NAT device connect. Then when the connection ends, post the log results here.

One question: When you did the sniffer tracing, were you between the client and the nat device, or between the nat device and the pix?

richard.werner · ‎12-06-2004

Hi Edward,

thanks for your reply, I past your Info on and I

am still waiting for answer.

Regards

Richard