Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1347
Views
1
Helpful
1
Replies

Cisco VPN Client drops connection

arabindas
Level 1
Level 1

‎10-14-2008 05:37 AM

Hi Eveybody,

Recently one of our client has provided the VPN to us for conencting. Its a Cisco vpn client. The vpn connects fine, but after connecting, the remote desktop to the servers does not works.

to brief about the setup, the users are lying in a vlan, created on a Cisco ASA 5520. We have a access-list on that firewall allowiing full ip traffic to the client's vpn gateway. After that there is another perimeter firewall allowing access to Internet. On that we have done a static one-to-nat for the user machine trying to connect to that vpn.

When the user is int the vlan behind the Cisco ASA 5520, the vpn connects but remote desktop does not works. But once we move the machine out of the vlan to the normal network out of the firewall Cisco ASA 5520, the vpn connects and remote desktop as well works fine.

Below are the logs i have captured which are relevant to the problem. Please suggest how can this issue be solved. Sicne we have to have those machines in the vlan.

470 12:09:55.515 10/09/08 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to xx.xx.xx.xx

471 12:09:55.515 10/09/08 Sev=Info/6 IKE/0x6300003D

Sending DPD request to xx.xx.xx.xx, our seq# = 2844792354

474 12:09:55.785 10/09/08 Sev=Info/5 IKE/0x63000040

Received DPD ACK from xx.xx.xx.xx, seq# received = 2844792354, seq# expected = 2844792354

Labels:
0 Helpful
1 Reply 1

aghaznavi
Level 5
Level 5

‎10-20-2008 06:53 AM

Ideally, VPN connectivity is tested from devices behind the endpoint devices that do the encryption, yet many users test VPN connectivity with the ping command on the devices that do the encryption. While the ping generally works for this purpose, it is important to source your ping from the correct interface. If the ping is sourced incorrectly, it can appear that the VPN connection has failed when it really works. If ping works continuously then the problem can be that the xauth times out. Increase the timeout value for AAA server in order to resolve this issue.

For further information about troubleshoot the VPN connectivity click this link.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solunf

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents