Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

VPN Client 4.9 to PIX 6.3(5) 501 Disconnects

I have a client who has multiple remote sites that use the Cisco VPN Client 4.9x to connect the Cisco PIX 501 at the main office. The VPN client connects just fine, stays connected for about ten minutes and disconnects. I have adjusted the parameters on the VPN client to support longer idle-times but still it disconnects. The only thing I am suspicious of is the timeout settings for half-open connections at exactly 10minutes. But this should not affect a live VPN connection should it?

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

isakmp policy 40 lifetime 86400

vpngroup NOSTORE idle-time 86400

vpngroup NOSTORE max-time 86400

vpngroup NOSTORE user-idle-timeout 57600

Community Member

Re: VPN Client 4.9 to PIX 6.3(5) 501 Disconnects

You're correct about the half-open connection timeout not affecting your vpn connection. In order to determine why the client is disconnecting (or why the PIX is disconnecting the client), we need a debug crypto isakmp 10 and debug crypto ipsec 10 from the PIX when the session is terminated. On the client side, we need to open the logging window and set the log settings to 3-high and get the log at the time of the disconnect. This info should give you an idea of where to go next. These are the hardest problems to troulshoot, so you need to gather as much info as possible.

Good Luck!

Community Member

Re: VPN Client 4.9 to PIX 6.3(5) 501 Disconnects

Thanks for the reply - I'll jot this down and try it - I figured it would take a debug to determine the issue - I wanted to see if there was some known issue with this version before going that route.

Thanks again

CreatePlease to create content