
vpn3000 concentrator - session disconnects after 1h

wholemans
Level 1

We see a lot of session disconnects on our 3000, most of them just after one or two hours. The error message in the logs is always the same: Peer Address Changed. But we also have this with PCs on the same network as the VPN server, and there is no NAT or address change on the client PC that could trigger this. We see this with all types of Cisco VPN client software: W2K, XP, MacOS. This is very annoying for our users. Does anyone have a solution? Is there a parameter we can change?

2 Replies

bbaley
Level 3

I have a couple of questions for you:

1. Are all your users getting disconnected after 1 or 2 hrs simultaneously?

2. How are your users getting authenticated? Via a local database or via an external AAA server?

If via an ACS (AAA) server, could you check on the ACS server whether you have any Session Timeout settings configured, either for the group or for the users?

If a session timeout is set, check whether disabling the max connect time on the ACS makes any difference.

1. As far as I can tell from the logs, yes: even a local test PC connected to the same switch as the VPN server 'internet' port (so no firewall, IPS, ... that can disturb the connection) is disconnected after 1 hour. It also happens with remote clients, with or without NAT translation enabled.

2. Authentication via ACS towards an MS AD server.

I have to check the settings with my colleague who is responsible for the VPN server (but doesn't have CCO access for the moment).

We work with 1 client certificate for all users, but users have to authenticate via the ACS against our Active Directory.
