Cisco3006 vpn concentrator

Unanswered Question
May 2nd, 2007

Does anyone know how to change the default keepalive to 1 min? (I believe the default is 10 minutes.) Our customer's VPN database application is eventually timing out when our wireless cards go into 'dormant' state.

hoogen_82 Tue, 05/08/2007 - 22:12

I think this is what you should be looking at

If there is no traffic sent between the VPN Concentrator and the VPN Client for a period of time, a Dead Peer Detection (DPD) packet is sent from the VPN Concentrator to the VPN Client to ensure its peer is still there. If there is a connectivity issue between the two peers where the VPN Client does not respond to the VPN Concentrator, the VPN Concentrator continues to send DPD packets over a period of time. This terminates the tunnel and generates the error if it does not receive a response during that time. Refer to Cisco bug ID CSCdz45586 (registered customers only).

The error should look like this:

SEV=4 AUTH/28 RPT=381 XXX.XXX.XXX.XX User [SomeUser] disconnected:
Duration: HH:MM:SS Bytes xmt: 19560 Bytes rcv: 17704 Reason: Lost Service
YYYY/MM/DD HH:MM:SS XXX.XXX.XXX.XXX syslog notice
45549 MM/DD/YYYY HH:MM:SS SEV=4 IKE/123 RPT=XXX.XXX.XXX.XXX
Group [SomeDefault] User [SomeUser]
IKE lost contact with remote peer, deleting connection (keepalive type: DPD)

Cause: The remote IKE peer did not respond to keepalives within the expected window of time, so the connection to the IKE peer was deleted. The message includes the keep-alive mechanism used. This issue is only reproducible if the public interface is disconnected during an active tunnel session. The customer needs to monitor their network connectivity as these events are generated to pinpoint the root cause of their potential network connectivity issue(s).

Disable IKE keepalive by going to %System Root%\Program Files\Cisco Systems\VPN Client\Profiles on the Client PC that experiences the issue, and edit the PCF file (where applicable) for the connection.

Change the 'ForceKeepAlives=0' (default) to 'ForceKeepAlives=1'.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml

-Hoogen

Do rate if this post helps you :)
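
Added example (not part of the original posts and not Cisco code): a small Python parser that groups concentrator log events like the ones quoted above and counts DPD keepalive losses per user, which helps confirm whether the drops line up with the wireless cards going dormant. The header layout, user names, addresses, durations and the `User Requested` reason in the sample are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the events quoted above; addresses are documentation-range.
SAMPLE_LOG = """\
45549 05/08/2007 10:15:02 SEV=4 IKE/123 RPT=12 192.0.2.10
Group [SomeDefault] User [alice]
IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
45550 05/08/2007 10:15:02 SEV=4 AUTH/28 RPT=381 192.0.2.10
User [alice] disconnected:
Duration: 0:12:40 Bytes xmt: 19560 Bytes rcv: 17704 Reason: Lost Service
45551 05/08/2007 10:40:11 SEV=4 AUTH/28 RPT=382 192.0.2.11
User [bob] disconnected:
Duration: 1:02:03 Bytes xmt: 1200 Bytes rcv: 900 Reason: User Requested
45552 05/08/2007 11:01:30 SEV=4 IKE/123 RPT=13 192.0.2.10
Group [SomeDefault] User [alice]
IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
"""

# Assumed header layout: sequence, date, time, SEV=, class/number, RPT=, peer address.
HEADER = re.compile(r"^(\d+) (\S+ \S+) SEV=(\d+) (\w+/\d+) RPT=(\d+) (\S+)$")
USER = re.compile(r"User \[([^\]]+)\]")
REASON = re.compile(r"Reason: (.+)$")
KEEPALIVE = re.compile(r"keepalive type: (\w+)")

def parse_events(text):
    """Group each header line with its continuation lines into one event dict."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            events.append({"seq": int(m[1]), "time": m[2], "event": m[4],
                           "peer": m[6], "body": ""})
        elif events and line:
            events[-1]["body"] += " " + line
    for e in events:
        for key, rx in (("user", USER), ("reason", REASON), ("keepalive", KEEPALIVE)):
            hit = rx.search(e["body"])
            e[key] = hit[1] if hit else None
    return events

def dpd_drops_per_user(events):
    """Count IKE/123 keepalive-loss events per user."""
    return Counter(e["user"] for e in events if e["event"] == "IKE/123" and e["keepalive"])

def lost_service_disconnects(events):
    """Return AUTH/28 disconnects whose reason is 'Lost Service'."""
    return [e for e in events if e["event"] == "AUTH/28" and e["reason"] == "Lost Service"]
```
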

dbellaze Wed, 05/09/2007 - 15:54

If you want IKE keepalives it is in the IPSec tab in the group configuration.

"Confidence Interval"

There is also an idle timer under the General tab in the group configuration.

Daniel
