Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
340
Views
0
Helpful
2
Replies

Cisco3006 vpn concentrator

roy.choi
Level 1
Level 1

‎05-02-2007 05:38 AM

Does anyone know how to change the default keep alive to 1 min?(I believe the default is 10 minutes). Our customer's VPN database application is eventually timing out when our wireless cards go into 'dormant' state.

Labels:
0 Helpful
2 Replies 2

hoogen_82
Level 4
Level 4

‎05-08-2007 10:12 PM

I think this is what you should be looking at

If there is no traffic sent between the VPN Concentrator and the VPN Client for a period of time, a Dead Peer Detection (DPD) packet is sent from the VPN Concentrator to the VPN Client to ensure its peer is still there. If there is a connectivity issue between the two peers where the VPN Client does not respond to the VPN Concentrator, the VPN Concentrator continues to send DPD packets over a period of time. This terminates the tunnel and generates the error if it does not receive a response during that time. Refer to Cisco bug ID CSCdz45586 ( registered customers only) .

The error should look like this:

SEV=4 AUTH/28 RPT=381 XXX.XXX.XXX.XX User [SomeUser] disconnected:

Duration: HH:MM:SS Bytes xmt: 19560 Bytes rcv: 17704 Reason:

Lost Service YYYY/MM/DD HH:MM:SS XXX.XXX.XXX.XXX

syslog notice

45549 MM/DD/YYYY HH:MM:SS SEV=4 IKE/123 RPT=XXX.XXX.XXX.XXX

Group [SomeDefault] User [SomeUser]

IKE lost contact with remote peer, deleting connection (keepalive type: DPD)Cause: The remote IKE peer did not respond to keepalives within the expected window of time, so the connection to the IKE peer was deleted. The message includes the keep-alive mechanism used. This issue is only reproducible if the public interface is disconnected during an active tunnel session. The customer needs to monitor their network connectivity as these events are generated to pinpoint the root cause of their potential network connectivity issue(s).

Disable IKE keepalive by going to %System Root%\Program Files\Cisco Systems\VPN Client\Profiles on the Client PC that experiences the issue, and edit the PCF file (where applicable) for the connection.

Change the 'ForceKeepAlives=0' (default) to 'ForceKeepAlives=1'.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml

-Hoogen

Do rate if this post helps you :)

0 Helpful

dbellaze
Level 4
Level 4

‎05-09-2007 03:54 PM

If you want IKE keepalives it is in the IPSec tab in the group configuration.

"Confidence Interval"

There is also an idle timer under the General tab in the group configuration.

Daniel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents