Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6528
Views
0
Helpful
3
Replies

VPN client : error Lost Service

network_team
Level 1
Level 1

‎08-14-2007 12:11 AM - edited ‎02-21-2020 01:38 AM

Every 57 mins my client looses connection to the VPN concentrator Please find the logs attached from the VPN and Cisco Client

Preview file
157 KB
Preview file
118 KB
0 Helpful
3 Replies 3

pradeepde
Level 5
Level 5

‎08-20-2007 08:50 AM

In order to resolve this issue, issue the crypto isakmp keepalive command on the router in global configuration mode. This allows the gateway to send DPD messages to the peer.

If the issue is related to the PIX Firewall version 6.x, issue the isakmp keepalive 10 command in global configuration mode. For PIX version 7.x and ASA, issue the isakmp keepalive 10 command in the IPsec tunnel configuration mode.

0 Helpful

acomiskey
Level 10
Level 10
In response to pradeepde

‎08-23-2007 10:29 AM

Here is a "Lost Service" error message and I have dpd enabled on the asa and the pix.

%ASA-4-113019: Group = 1.1.1.1, Username = 1.1.1.1, IP = 1.1.1.1, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 2d 5h:36m:43s, Bytes xmt: 86319957, Bytes rcv: 479782528, Reason: Lost Service

Any ideas?

0 Helpful

cturacci
Level 1
Level 1
In response to acomiskey

‎09-23-2011 07:34 AM

Hi

you can see additioanl to this information the following URL:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml

here is a case discussed with the following infos:

Q.    What does the error message "Lost Service"   mean?

A. If there is no traffic sent between the VPN Concentrator and the VPN       Client for a period of time, a Dead Peer Detection (DPD) packet is sent from       the VPN Concentrator to the VPN Client to ensure its peer is still there. If       there ...CSCdz45586 ( registered customers only)         .

The error should look like this:

SEV=4 AUTH/28 RPT=381 XXX.XXX.XXX.XX User [SomeUser] disconnected:
Duration: HH:MM:SS Bytes xmt: 19560 Bytes rcv: 17704 Reason: 
Lost Service YYYY/MM/DD HH:MM:SS XXX.XXX.XXX.XXX
syslog notice 
45549 MM/DD/YYYY HH:MM:SS SEV=4 IKE/123 RPT=XXX.XXX.XXX.XXX
Group [SomeDefault] User [SomeUser]
IKE lost contact with remote peer, deleting connection (keepalive type: DPD)

Cause: The remote IKE peer did not respond to       keepalives within the expected window of time, so the connection to the IKE       peer was deleted. The message includes the keep-alive mechanism used. This       issue is only reproducible if the public interface is disconnected during an       active tunnel session. The customer needs to monitor their network connectivity       as these events are generated to pinpoint the root cause of their potential       network connectivity issue(s).

Disable IKE keepalive by going to %System Root%\Program       Files\Cisco Systems\VPN Client\Profiles on the Client PC that       experiences the issue, and edit the PCF file (where       applicable) for the connection.

Change the 'ForceKeepAlives=0' (default) to       'ForceKeepAlives=1'.

If the problem persists, open a Service Request with       Cisco Technical Support and       provide the Client "Log Viewer" and the VPN Concentrator logs as the problem       occurs.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card