IKE lost contact with remote peer, deleting connection

darin.marais · ‎02-21-2008

Is anyone on the list aware of any problem with the IKE between the VPN clients 4.7.00.0533 and VPN c3000 4.7.2.F.

It seams that we have a few client in our network with this configuration that are disconnected shortly after a renewed key exchange has happened between the C3000 and the VPN client.

After the new key is added at the client, the next TCP heartbeat sent from the client to the c3000 is not receive or ack and then shortly after the c3000 sends a TCP RST to the client.

***Messages from the c3000 are:

15:24:20.850 IKE lost contact with remote peer, deleting connection (keepalive type: DPD)

15:24:20.850 Sending IKE Delete With Reason message: Connectivity to Client Lost.

***From the client

15:15:31.500

Added key with SPI=0x38c47387 into key list

Assigned VA private interface addr 172.x.x.x

Activate outbound key with SPI=0x16daa730 for inbound key with SPI=0x38c47387

15:19:38.328 _TCP heartbeat sent to x.x.x.x, src port 1273, dst port 10000

15:24:20.828 _TCP RST received from x.x.x.x, src port 10000, dst port 1273

15:24:38.828 _TCP heartbeat sent to x.x.x.x, src port 1273, dst port 10000

Thank you for any help in advance.

Report Inappropriate Content · ‎02-27-2008

There are number of workarounds for this issue. Try to change the MTU to a higher and lower value than the current one. If this doesnt't work try this workaound at your own risk ,on the Client PC that is having the issue, goto:

%System Root%\Program Files\Cisco Systems\VPN Client\Profiles and edit the PCF file for the connection. Change the 'ForceKeepAlives=0' to 'ForceKeepAlives=1'.