ASA VPN with L2TP and Windows 7 disconnects after 6 Hours

Gerhard.Oettle
Level 1

Hello,

I recognized a problem that occurs only with Windows Vista and Windows 7 (not important if 32bit / 64bit). The clients connect using L2TP to the ASA 5520 Version 8.05. The VPN tunnel comes up. So far no problem. After exactly 6 hours the session disconnects even if the user is working, whereas the Internet connection is definitely not the problem.

We could reproduce the effect with different Windows 7 computers.

At the ASA the connection timeout for VPN sessions is set to unlimited, the IPsec SA is set to 3600, Maximum connect time: unlimited, Idle timeout: unlimited.

Does anybody know about that problem? How can it be solved?

It looks like something is going wrong with the rekeying:

Nov 27 15:05:49 nderr231.de.festo.net Nov 27 2009 15:05:47 NDERR231 : %ASA-5-713120: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, PHASE 2 COMPLETED (msgid=22d12f94)
Nov 27 15:56:47 nderr231.de.festo.net Nov 27 2009 15:56:47 NDERR231 : %ASA-5-713041: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, IKE Initiator: Rekeying Phase 2, Intf outside, IKE Peer 217.228.150.247  local Proxy Address 141.130.50.231, remote Proxy Address 217.228.150.247,  Crypto map (outside_dyn_map0)
Nov 27 15:56:47 nderr231.de.festo.net Nov 27 2009 15:56:47 NDERR231 : %ASA-5-713049: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Security negotiation complete for User (xxx)  Responder, Inbound SPI = 0x4010dab1, Outbound SPI = 0x504cd333
Nov 27 15:56:47 nderr231.de.festo.net Nov 27 2009 15:56:47 NDERR231 : %ASA-5-713120: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, PHASE 2 COMPLETED (msgid=84239f47)
Nov 27 15:59:47 nderr231.de.festo.net Nov 27 2009 15:59:47 NDERR231 : %ASA-5-713041: Username = xxx, IP = 217.228.150.247, IKE Initiator: Rekeying Phase 1, Intf outside, IKE Peer 217.228.150.247  local Proxy Address N/A, remote Proxy Address N/A,  Crypto map (N/A)
Nov 27 15:59:47 nderr231.de.festo.net Nov 27 2009 15:59:47 NDERR231 : %ASA-5-713119: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, PHASE 1 COMPLETED
Nov 27 15:59:47 nderr231.de.festo.net Nov 27 2009 15:59:47 NDERR231 : %ASA-5-713041: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, IKE Initiator: Rekeying Phase 2, Intf outside, IKE Peer 217.228.150.247  local Proxy Address 141.130.50.231, remote Proxy Address 217.228.150.247,  Crypto map (outside_dyn_map0)
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-5-713049: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Security negotiation complete for User (xxx)  Initiator, Inbound SPI = 0x726c5fd4, Outbound SPI = 0xd8a5e48a
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-5-713120: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, PHASE 2 COMPLETED (msgid=cc008b97)
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-5-713050: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Connection terminated for peer xxx.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-5-713259: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Session is being torn down. Reason: L2TP initiated
Nov 27 15:59:48 nderr231.de.festo.net Nov 27 2009 15:59:48 NDERR231 : %ASA-4-113019: Group = L2TPClient, Username = xxx, IP = 217.228.150.247, Session disconnected. Session Type: L2TPOverIPsecOverNatT, Duration: 6h:00m:01s, Bytes xmt: 3060852, Bytes rcv: 3231213, Reason: L2TP initiated

Thank you in advance for your help

Gerhard
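Added example (not part of the original post and not Cisco tooling): a Python script that scans ASA syslog for the sequence visible in the log above, a Phase 1 rekey (713041) followed within seconds by a session disconnect (113019) for the same user and IP, and reports the session duration so that fixed-interval drops stand out. The function name, the 10-second window and the sample lines (documentation IPs, placeholder hostnames) are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines modelled on the log in the post (placeholder hosts, documentation IPs).
SAMPLE = """\
Nov 27 15:59:47 relay.example Nov 27 2009 15:59:47 FW1 : %ASA-5-713041: Username = alice, IP = 203.0.113.10, IKE Initiator: Rekeying Phase 1, Intf outside
Nov 27 15:59:48 relay.example Nov 27 2009 15:59:48 FW1 : %ASA-5-713050: Group = L2TPClient, Username = alice, IP = 203.0.113.10, Connection terminated for peer alice.  Reason: Peer Terminate
Nov 27 15:59:48 relay.example Nov 27 2009 15:59:48 FW1 : %ASA-4-113019: Group = L2TPClient, Username = alice, IP = 203.0.113.10, Session disconnected. Session Type: L2TPOverIPsecOverNatT, Duration: 6h:00m:01s, Bytes xmt: 3060852, Bytes rcv: 3231213, Reason: L2TP initiated
Nov 27 16:00:00 relay.example Nov 27 2009 16:00:00 FW1 : %ASA-5-713041: Username = carol, IP = 203.0.113.30, IKE Initiator: Rekeying Phase 1, Intf outside
Nov 27 17:10:02 relay.example Nov 27 2009 17:10:02 FW1 : %ASA-4-113019: Group = L2TPClient, Username = bob, IP = 203.0.113.20, Session disconnected. Session Type: L2TPOverIPsecOverNatT, Duration: 1h:12m:40s, Bytes xmt: 1024, Bytes rcv: 2048, Reason: User Requested
Nov 27 18:30:00 relay.example Nov 27 2009 18:30:00 FW1 : %ASA-4-113019: Group = L2TPClient, Username = carol, IP = 203.0.113.30, Session disconnected. Session Type: L2TPOverIPsecOverNatT, Duration: 2h:30m:00s, Bytes xmt: 10, Bytes rcv: 20, Reason: User Requested
"""

# Timestamp written by the ASA itself, then the six-digit message ID and the message body.
LINE = re.compile(r"(\w{3} \d{1,2} \d{4} \d\d:\d\d:\d\d) \S+ : %ASA-\d-(\d{6}): (.*)")
USER = re.compile(r"Username = ([^,]+), IP = ([\d.]+)")
# The optional "Nd " day prefix is an assumption; the post only shows the h:m:s form.
DISC = re.compile(r"Duration: (?:(\d+)d )?(\d+)h:(\d+)m:(\d+)s.*Reason: (.+)$")


def find_rekey_drops(text, window=timedelta(seconds=10)):
    """Return 113019 disconnects that follow a Phase 1 rekey (713041)
    for the same user/IP within `window`."""
    last_p1 = {}  # (user, ip) -> time of the latest Phase 1 rekey
    hits = []
    for raw in text.splitlines():
        m, u = LINE.search(raw), USER.search(raw)
        if not (m and u):
            continue
        ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
        msg_id, body, key = m.group(2), m.group(3), u.groups()
        if msg_id == "713041" and "Rekeying Phase 1" in body:
            last_p1[key] = ts
        elif msg_id == "113019":
            d = DISC.search(body)
            if d and key in last_p1 and ts - last_p1[key] <= window:
                days, h, mi, s = (int(x or 0) for x in d.groups()[:4])
                hits.append({"user": key[0], "ip": key[1], "when": ts,
                             "duration": timedelta(days=days, hours=h, minutes=mi, seconds=s),
                             "reason": d.group(5).strip()})
    return hits


if __name__ == "__main__":
    for hit in find_rekey_drops(SAMPLE):
        print(hit["when"], hit["user"], hit["ip"], hit["duration"], hit["reason"])
```

Grouping the reported durations across many users shows whether the drops cluster at one fixed interval, as the 6-hour sessions in the post do.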

3 Replies

muranskycotech
Level 1

It's probably just a keep-alive or timeout issue... can you post your config (making sure to replace any public IPs and password strings).

Hello Gerhard,

Did you figure out what this issue was?

Regards,

Anand

Gerhard.Oettle
Level 1

If I remember correctly the colleagues from the Client Services were in contact with Microsoft support.

The problem only appeared when the VPN profiles for the clients were created by an automated procedure.

But I don't know the real solution to the problem.

Best Regards

Gerhard