cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
574
Views
1
Helpful
8
Replies

CVPN 3005 & 3020 : Remote Access Clients frozen during 60 seconds

gaetan.allart
Level 1
Level 1

Good morning,

I'm encoutering an interesting issue on two different CVPN boxes (Cisco VPN 3005 and 3020).

The thing is, when remote clients connect to the VPN gateway using their Cisco VPN client, then cannot reach any of my LAN hosts for about 60 seconds despite log-in procedure has ran fine.

Then, after about 60 seconds (sometimes less), connectivity to my network works well.

While they continuously ping one of my hosts, on the CVPN WebUI, session statistics show 0 in/out encrypted packets.

TCPDump at the back of the CVPN box shows no packets sent to my network (not even arp or whatever).

Is there any option I missed on my configuration to disable this annoying freeze time?

Thanks for helping if any of you has ever solved this.

Best regards,

Gaëtan

8 Replies 8

Farrukh Haroon
VIP Alumni
VIP Alumni

I'm not aware of any such setting to sort of put a delay() function on the clients :)

Try to put the desired Phase 1 profile on the top of the VPNC IKE proposals (Global). Phase 1 Parameters are always negotiated from the global proposals (Regardless of what you put in the Group >>> Ipsec Tab

Regards

Farrukh

Even if connection to the VPN gateway is established almost immediatly, do you really think phase 1 tuning might have an impact on this "delay"?

Because, during these 30~60 seconds, VPN Client is connected and IP address is given to the remote host.

NO Phase 1 is much before the IP assignment phase (which is part of mode config), but sometimes it takes a little time for the VPN statistics page to update. Does this happen on all clients?

Regards

Farrukh

Yes, it does and to different groups as well.

Could this be a WAN delay or excessive load on your 3005?

Regards

Farrukh

No chance.

Tested from two different ISP and got the issue on two different boxes (3305 & 3320).

Tried to reload the CVPN and upgrade to latest version without any result.

Ok thanks for the update.

Are you using split tunneling or local Lan access feature?

Regards

Farrukh

No split-tunneling. Everything's routed through the IPSec tunnel.

Regards,

Gaëtan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: