VPN Client 4.9 to PIX 6.3(5) 501 Disconnects

Unanswered Question

I have a client who has multiple remote sites that use the Cisco VPN Client 4.9x to connect the Cisco PIX 501 at the main office. The VPN client connects just fine, stays connected for about ten minutes and disconnects. I have adjusted the parameters on the VPN client to support longer idle-times but still it disconnects. The only thing I am suspicious of is the timeout settings for half-open connections at exactly 10minutes. But this should not affect a live VPN connection should it?

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

isakmp policy 40 lifetime 86400

vpngroup NOSTORE idle-time 86400

vpngroup NOSTORE max-time 86400

vpngroup NOSTORE user-idle-timeout 57600

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bthibode Tue, 01/30/2007 - 19:32

You're correct about the half-open connection timeout not affecting your vpn connection. In order to determine why the client is disconnecting (or why the PIX is disconnecting the client), we need a debug crypto isakmp 10 and debug crypto ipsec 10 from the PIX when the session is terminated. On the client side, we need to open the logging window and set the log settings to 3-high and get the log at the time of the disconnect. This info should give you an idea of where to go next. These are the hardest problems to troulshoot, so you need to gather as much info as possible.

Good Luck!


This Discussion