VPN Client: Reason 412 - The remote peer is no longer responding

Unanswered Question
Sep 24th, 2007

Hello,

we use the cisco vpn client since several years, but one problem is "still alive".

Several clients have the problem that the connection is terminated after some minutes (sometimes already after 2-5 minutes) with the in the title mentioned failure message.

We discovered that this problem will not occure if we, for example, make a permanent ping to a computer in the vpn. Also when there is permanent traffic the vpn client seems not to crash.

So, there must be a parameter that causes the vpn client to "think" after some time without traffic that the connection has been terminanted. And then the client termintes itsself, too.

Since now I didn't find a solution for this problem.

Does anybody else have this problem? Is there a solution for this behaviour?

Thank you.

Best regards!

I have this problem too.
2 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Jagdeep Gambhir Tue, 09/25/2007 - 05:08

Hi,

The error, "Secure VPN connection terminated locally by the Client. Reason 412. The remote peer is no longer responding". Means that the software VPN Client detected that the VPN server is not responding anymore and deleted the connection. Now, this is caused by several different issues, for example:

The User, is behind a firewall that is blocking UDP 4500/500 and/or ESP.

The VPN client is using connecting on TCP and that is blocked.

The internet connection is not good and some pkts are not reaching the VPN concentrator/server or the replies fromthe server/concentrator aren't getting to the

client, hence the client thinks the server is no longer available.

The VPN client is behind a NAT device and the VPN Server doesn't have NAT-T enabled. In

this case the user will not be able to send or receive traffic at all. It will be able to

connect but that's all. After some time the Software client deletes the VPN tunnel.

Regards,

~JG

khinze Tue, 09/25/2007 - 07:19

I have had this issue as well. I have also recreated with client on a switch port next door to ASA's Outside interface. So no Firewall/NAT-T, etc. Although those are all valid reasons for the error 412, sometimes the 412 kicks off and can't explain. Most of the time I believe it has to do with congested lines or the connection dropping too much traffic for whatever reason.

Race_Machine Wed, 09/26/2007 - 01:58

Only to avoid misunderstandings: the establishing of a vpn connection it not the problem. The problem is a timeout and therefor a terminating of the vpn connection.

This terminating can be avoided if you, for excample, make a pemenent ping to a server in the vpn. Then the vpn clients seems to notice that the connection is used or "is alive".

If you don't produce traffic some minutes, the vpn client normally disconnects very soon ...?!?

amandaneave Tue, 10/09/2007 - 20:39

I have the exact same problem with several clients (mac, Linux and XP) however I don't encounter is myself (on the same network).

One thing we did notice was that it seemed to improve somewhat when we changed from UDP to TCP.

I believe that it is due to network congestion but am not really sure (like I said - I don't have the problem but almost everyone else in the business does).

Actions

Login or Register to take actions

This Discussion

Posted September 24, 2007 at 6:30 AM
Stats:
Replies:5 Avg. Rating:
Views:43607 Votes:2
Shares:0
Tags: No tags.

Discussions Leaderboard