remote access vpn issue

Unanswered Question
Jul 22nd, 2008


We have remote access VPN configured. It is working fine from my home, but when I connect to the VPN from my office it disconnects after 1 hr. The error is 412: remote peer is no longer responding.

FYI: my office FW is a Fortigate and the remote end is an ASA 5505. Please can someone help me out with this, it's very urgent.

a.alekseev Tue, 07/22/2008 - 00:17

check the settings on the office fw...

It looks like your UDP session (IPSec over UDP in your case) has expired.

Also check "crypto isakmp keepalive ..." on the ASA.

gandhi.ganesh Tue, 07/22/2008 - 00:26

Thanks for the quick reply.

Please find the ASA configuration attached. There is no keepalive configured. Please explain briefly what I need to check in my office FW.

nomair_83 Tue, 07/22/2008 - 04:18

Dear, your PFS is disabled in group policies.

Please check, and type crypto isakmp keepalive as well.

gandhi.ganesh Tue, 07/22/2008 - 04:34

Can you please explain, or give a link about, the use of these commands, PFS and keepalive?

FYI: we have an L2L VPN, and it is working with no issues.

My issue is with the RA VPN, and my client is also facing the same issue. As I said earlier, from my home it is working with no problem. In my office we are using a Fortigate FW; do any changes need to be done here?

ggilbert Tue, 07/22/2008 - 09:36


With regard to your problem - it seems like after an hour the UDP port gets torn down so your IPSec connection gets disconnected.

If you configure keepalive on the tunnel-group that you are connecting to, this will try to keep up the session using keepalive packets from the server to the client.

If your office firewall blocks those keepalive messages then you have to allow those keepalive messages coming in from the ASA.

Here is a wiki on what PFS is

To just read about some explanation on PFS from Cisco's website, please click on the link below.

Hope this helps.
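An added example of the keepalive settings discussed in this thread, as they are entered on an ASA (this is not part of the original posts or the poster's attached configuration). The tunnel-group name `RA-VPN` is a placeholder and the timer values are illustrative assumptions.

```text
! Placeholder tunnel-group name: replace RA-VPN with the remote-access
! tunnel-group the VPN client actually connects to.
tunnel-group RA-VPN ipsec-attributes
 ! IKE keepalive (dead peer detection): after 15 seconds with no traffic
 ! from the peer, send a keepalive; retry every 5 seconds if unanswered.
 ! Values are illustrative, not taken from the thread.
 isakmp keepalive threshold 15 retry 5
!
! Applies only when the client negotiates NAT-T (UDP 4500): send a NAT
! keepalive every 20 seconds so the UDP session on an intermediate
! firewall keeps seeing traffic. Value is illustrative.
crypto isakmp nat-traversal 20
!
! Check what is in effect and inspect the session while connected.
show running-config tunnel-group RA-VPN
show crypto isakmp sa detail
```

The office firewall must still permit these packets in both directions for the keepalives to have any effect.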



gandhi.ganesh Wed, 07/23/2008 - 00:10


I am connecting to the same tunnel group from my home and office.

I am attaching the vpn client log file & error message which we got from office & home, hope this will give some more info


