VPN drops when using GPRS Data Modems every 10 minutes

Unanswered Question
Sep 11th, 2008

Greetings,

I'm having a hard time here. One our customers uses a Cisco ASA 5540(IOS 8.0(3)10) and Cisco VPN Client v.5 to establish IPSec tunnels through the Internet.

When the remote user is behind ADSL Modems or Cable Modems there is not a single drop in the connection, he's able stay connected up to 2 or 3 days straight without a single drop. But, a few users use those new GPRS Modems to get access to the Internet and then establish the IPSec Tunnel, these users get a connection drop at about every 10 or 20 minutes. They're using the same tunnel-group and group-policy attributes.

It's one of our customer requests that there are no idle nor session timeouts configured, they're both set to 'none'. NAT-T is enabled and the isakmp keepalives threshold is set to 300seconds and retry set to 2, as suggested by Cisco.

Is there any special configurations that need to be done so they can have the same behavior as the users behind ADSL modems?

Right now, the IPSec over UDP is set. The next thing I'll try is use the IPSec over TCP setting, using port 10000.

Any ideas?

Thanks in advance!

Regards, Dan

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
didyap Wed, 09/17/2008 - 11:08

Then try a query with the various applications. There is a 90 second default window (set by the Peer Timeout in the VPN Client profile) before the VPN Client gives up on connectivity and brings the tunnel down.

In one case let the VPN Client terminate and see how the applications behave.

In another case restore the Internet connection after 30 seconds so that it can recover. Observe how the applications behave.

For verify the configuration and troubleshooting in Cisco ASA following guide will help you :

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/ike.html#wp1052135

Actions

This Discussion