08-14-2007 12:11 AM - edited 02-21-2020 01:38 AM
Every 57 mins my client looses connection to the VPN concentrator Please find the logs attached from the VPN and Cisco Client
08-20-2007 08:50 AM
In order to resolve this issue, issue the crypto isakmp keepalive command on the router in global configuration mode. This allows the gateway to send DPD messages to the peer.
If the issue is related to the PIX Firewall version 6.x, issue the isakmp keepalive 10 command in global configuration mode. For PIX version 7.x and ASA, issue the isakmp keepalive 10 command in the IPsec tunnel configuration mode.
08-23-2007 10:29 AM
Here is a "Lost Service" error message and I have dpd enabled on the asa and the pix.
%ASA-4-113019: Group = 1.1.1.1, Username = 1.1.1.1, IP = 1.1.1.1, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 2d 5h:36m:43s, Bytes xmt: 86319957, Bytes rcv: 479782528, Reason: Lost Service
Any ideas?
09-23-2011 07:34 AM
Hi
you can see additioanl to this information the following URL:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml
here is a case discussed with the following infos:
A. If there is no traffic sent between the VPN Concentrator and the VPN Client for a period of time, a Dead Peer Detection (DPD) packet is sent from the VPN Concentrator to the VPN Client to ensure its peer is still there. If there ...CSCdz45586 ( registered customers only) .
The error should look like this:
SEV=4 AUTH/28 RPT=381 XXX.XXX.XXX.XX User [SomeUser] disconnected:
Duration: HH:MM:SS Bytes xmt: 19560 Bytes rcv: 17704 Reason:
Lost Service YYYY/MM/DD HH:MM:SS XXX.XXX.XXX.XXX
syslog notice
45549 MM/DD/YYYY HH:MM:SS SEV=4 IKE/123 RPT=XXX.XXX.XXX.XXX
Group [SomeDefault] User [SomeUser]
IKE lost contact with remote peer, deleting connection (keepalive type: DPD)Cause: The remote IKE peer did not respond to keepalives within the expected window of time, so the connection to the IKE peer was deleted. The message includes the keep-alive mechanism used. This issue is only reproducible if the public interface is disconnected during an active tunnel session. The customer needs to monitor their network connectivity as these events are generated to pinpoint the root cause of their potential network connectivity issue(s).
Disable IKE keepalive by going to %System Root%\Program Files\Cisco Systems\VPN Client\Profiles on the Client PC that experiences the issue, and edit the PCF file (where applicable) for the connection.
Change the 'ForceKeepAlives=0' (default) to 'ForceKeepAlives=1'.
If the problem persists, open a Service Request with Cisco Technical Support and provide the Client "Log Viewer" and the VPN Concentrator logs as the problem occurs.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: