VPN Connection timeouts

gwilburn
Level 1

We are connecting some clients to our AS400 via a VPN. They are experiencing a disconnect from the 400 just about every 15 minutes. What could be causing this?

5 Replies

jfrahim
Level 5

Hi there,

You see disconnects every 15 minutes from the AS400 server. Do you know if your tunnel also goes down every 15 mins?

Also, if you have a continuous ping going to the AS400 server from the client machine while your AS400 session is up, do you also see the disconnects?

Thanks

Jazib

Here is the part of the debug that is sticking out, to me:

1d11h: ISAKMP (0:4): peer does not do paranoid keepalives.

1d11h: ISAKMP (0:4): deleting node 1735001000 error FALSE reason "informational (in) state 1"

1d11h: ISAKMP (0:4): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE

1d11h: ISAKMP (0:4): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

1d11h: IPSEC(key_engine): got a queue event...

1d11h: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

1d11h: IPSEC(key_engine_delete_sas): delete SA with spi 1011521112/50 for 162.33.143.168

1d11h: IPSEC(delete_sa): deleting SA,

-------------------------------------------------------------

The problem is that these people have about 3 different AS400 sessions active. One of their sessions will time out, while the other won't (that's what I am told). That is what has me confused.
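An added example, not part of the original post: a small parser that reads the debug lines quoted above and reports, for each IPsec SA deletion, which side requested it and whether Phase 1 stayed up. Attributing a deletion to the peer when it follows an `IKE_INFO_DELETE` input from the peer, and reading the number after the SPI as the IP protocol number, are assumptions of this sketch.

```python
import re

# Debug lines copied from the post above.
DEBUG = """\
1d11h: ISAKMP (0:4): peer does not do paranoid keepalives.
1d11h: ISAKMP (0:4): deleting node 1735001000 error FALSE reason "informational (in) state 1"
1d11h: ISAKMP (0:4): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE
1d11h: ISAKMP (0:4): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
1d11h: IPSEC(key_engine): got a queue event...
1d11h: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
1d11h: IPSEC(key_engine_delete_sas): delete SA with spi 1011521112/50 for 162.33.143.168
1d11h: IPSEC(delete_sa): deleting SA,
"""

INPUT_RE = re.compile(r"ISAKMP \((\d+:\d+)\): Input = (\w+), (\w+)")
STATE_RE = re.compile(r"ISAKMP \((\d+:\d+)\): Old State = (\w+)\s+New State = (\w+)")
DELETE_RE = re.compile(r"delete SA with spi (\d+)/(\d+) for (\d+\.\d+\.\d+\.\d+)")
IP_PROTOCOLS = {50: "ESP", 51: "AH"}  # IANA IP protocol numbers

def summarize_deletes(text):
    """Return one record per IPsec SA deletion found in the debug text."""
    # Assumption: a "delete SA" line is attributed to the most recent
    # ISAKMP input event that precedes it in the log.
    events, last_input, phase1 = [], None, {}
    for line in text.splitlines():
        if m := INPUT_RE.search(line):
            last_input = (m[1], m[2], m[3])   # (connection, source, message)
        elif m := STATE_RE.search(line):
            phase1[m[1]] = m[3]               # Phase 1 state after the event
        elif m := DELETE_RE.search(line):
            conn, source, message = last_input or (None, None, None)
            from_peer = (source, message) == ("IKE_MESG_FROM_PEER", "IKE_INFO_DELETE")
            events.append({
                "spi": int(m[1]),
                "protocol": IP_PROTOCOLS.get(int(m[2]), m[2]),
                "peer": m[3],
                "requested_by": "peer" if from_peer else "local-or-unknown",
                "phase1_state": phase1.get(conn),
            })
            last_input = None
    return events

if __name__ == "__main__":
    for event in summarize_deletes(DEBUG):
        print(event)
```

On the posted output this reports a single ESP SA deleted at the peer's request while the IKE Phase 1 state remained `IKE_P1_COMPLETE`.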

Hmm... If the other sessions are not timing out, then I believe your VPN tunnel is not going down. Do you think the AS400 session could be getting disconnected because of latency or timing?

Jazib

I am not the AS400 guru, but from what I am told, the timer is set at max.

This is what I observed in my case: For some reason, a user session starts with one IKE session and two IPSec sessions. The first IPSec session has the local address of the external interface. The second IPSec session has the local address of 0.0.0.0/255.255.255.255. No traffic is going through the first IPSec session; therefore the duration = (first IPSec session) idle time. All traffic seems to go through the second IPSec session; therefore idle time is very low. Once the duration = (first IPSec session) idle time = group's idle timeout, frequently, and not always, the session is disconnected. If not connected, basically, the first IPSec session disappears, and the idle time of the second IPSec session never reaches the group's idle timeout. (Concentrator v.3.6.3)