Cisco3006 vpn concentrator

Unanswered Question
May 2nd, 2007
User Badges:

Does anyone know how to change the default keep alive to 1 min?(I believe the default is 10 minutes). Our customer's VPN database application is eventually timing out when our wireless cards go into 'dormant' state.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hoogen_82 Tue, 05/08/2007 - 22:12
User Badges:
  • Silver, 250 points or more

I think this is what you should be looking at

If there is no traffic sent between the VPN Concentrator and the VPN Client for a period of time, a Dead Peer Detection (DPD) packet is sent from the VPN Concentrator to the VPN Client to ensure its peer is still there. If there is a connectivity issue between the two peers where the VPN Client does not respond to the VPN Concentrator, the VPN Concentrator continues to send DPD packets over a period of time. This terminates the tunnel and generates the error if it does not receive a response during that time. Refer to Cisco bug ID CSCdz45586 ( registered customers only) .

The error should look like this:

SEV=4 AUTH/28 RPT=381 XXX.XXX.XXX.XX User [SomeUser] disconnected:

Duration: HH:MM:SS Bytes xmt: 19560 Bytes rcv: 17704 Reason:


syslog notice


Group [SomeDefault] User [SomeUser]

IKE lost contact with remote peer, deleting connection (keepalive type: DPD)Cause: The remote IKE peer did not respond to keepalives within the expected window of time, so the connection to the IKE peer was deleted. The message includes the keep-alive mechanism used. This issue is only reproducible if the public interface is disconnected during an active tunnel session. The customer needs to monitor their network connectivity as these events are generated to pinpoint the root cause of their potential network connectivity issue(s).

Disable IKE keepalive by going to %System Root%\Program Files\Cisco Systems\VPN Client\Profiles on the Client PC that experiences the issue, and edit the PCF file (where applicable) for the connection.

Change the 'ForceKeepAlives=0' (default) to 'ForceKeepAlives=1'.


Do rate if this post helps you :)

dbellaze Wed, 05/09/2007 - 15:54
User Badges:
  • Bronze, 100 points or more

If you want IKE keepalives it is in the IPSec tab in the group configuration.

"Confidence Interval"

There is also an idle timer under the General tab in the group configuration.



This Discussion