11-14-2008 05:16 PM - edited 03-04-2019 12:20 AM
Hi, I have a Cisco ASA 5505. I have several hardware VPNs connected to it. These stay up (most of the time). However, I have a couple of users who connect using the software client. They are actually on another network so they use a split network. My network takes their 10.1.1.0 traffic. I named their tunnel "companion". For these users, about once a day, or maybe every 6 hours, they lose their connection to the ASA. The lock icon still says it's connected, but they can't reach our servers. They can fix it by simply disconnecting and reconnecting the lock. I have no idea what causes this problem, but I am no Cisco expert. I attached my config. If anyone sees something I am doing grievously wrong for the Companion group or anywhere else, please tell me. It would be much appreciated. Tell me if I can provide any further information. I also pinged their internet connection and that's not it. Their internet connection stays up, but I lose the ping to their computers when this happens.
11-15-2008 04:33 AM
Hello Chris,
From your configuration I see the following:
policy DfltGrpPolicy
contains the following commands:
vpn-idle-timeout none
vpn-session-timeout none
In the policy companion, instead, the two commands are missing.
In the section of timeouts we see:
timeout uauth 0:05:00 absolute
But you say that users are able to work for more time and the IPsec tunnel is torn down once a day or every 6 hours.
I would try to add the aforementioned commands under policy companion.
Another thought:
The IPsec connection can be closed by both sides, so also have a look at the VPN SW on the PCs.
Hope to help
Giuseppe
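The comparison made in the reply above (which group policies carry their own vpn-idle-timeout and vpn-session-timeout lines) can be automated across a saved config. This is an added example, not part of the thread: the sample config is constructed in ASA running-config style (it is not the poster's attachment), and the function names are hypothetical.

```python
import re

# Constructed sample, not the config attached to the original post.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout none
 vpn-session-timeout none
group-policy companion internal
group-policy companion attributes
 split-tunnel-policy tunnelspecified
 vpn-tunnel-protocol IPSec
timeout uauth 0:05:00 absolute
"""

TIMEOUT_KEYS = ("vpn-idle-timeout", "vpn-session-timeout")
HEADER = re.compile(r"^group-policy (\S+) (attributes|internal|external)\b")


def parse_group_policies(config_text):
    """Return {policy_name: {timeout_key: value}} for explicitly set timeouts."""
    policies, current = {}, None
    for line in config_text.splitlines():
        header = HEADER.match(line)
        if header:
            policy = policies.setdefault(header.group(1), {})
            # Only an "attributes" header opens a block of indented settings.
            current = policy if header.group(2) == "attributes" else None
        elif line.startswith(" ") and current is not None:
            parts = line.split()
            if parts and parts[0] in TIMEOUT_KEYS:
                current[parts[0]] = " ".join(parts[1:])
        else:
            current = None  # any unindented line ends the attributes block
    return policies


def timeout_report(config_text):
    """Rows of (policy, key, value, source); value falls back to DfltGrpPolicy's."""
    policies = parse_group_policies(config_text)
    defaults = policies.get("DfltGrpPolicy", {})
    rows = []
    for name, settings in policies.items():
        for key in TIMEOUT_KEYS:
            source = "explicit" if key in settings else "not set in this policy"
            rows.append((name, key, settings.get(key, defaults.get(key)), source))
    return rows
```

Rows marked "not set in this policy" show the DfltGrpPolicy value only for comparison; they identify the policies where the reply suggests adding the two commands explicitly.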
11-19-2008 10:18 AM
Hi,
Thanks for the advice on this. I am actually a bit more confused now. Over the weekend, I was able to run the connection from my home to my office for 3 days straight. I am starting to suspect the client side network. I will implement what you have listed here and also run some tests on site over there. I will post what happens.
11-19-2008 01:23 PM
I had to upgrade my user's VPN client to v5.0.03 when I moved VPN from my old 3005 to the new ASA. That fixed their issues with dropping connections.