3000 series concentrators and 412 disconnects after 2-3 minutes
I have been struggling with this problem for months and I've been searching through the various forums & documentation here trying to find a solution and I'm pretty much at a complete loss.
The problem is that a remote user (regardless of connection type: broadband, DSL, dialup, et al.) establishes a VPN session and within a period of 2 to 3 minutes it's terminated with the infamous 412 error. After looking at the log entries on both the concentrator & the client, about the only thing odd I can find is that the DPD ACK seq# expected value is offset by 2 when compared to the seq# received.
And about the only consistent thing is that once the agent on the endpoint starts spitting out DPD values that are not matching, it's only a matter of time before the session is terminated.
I have enclosed both the concentrator's live log and the client logs for the time this happened. And at this point the problem is fairly consistent.
I've set up a 3005 concentrator in my office and am trying to simulate the general environment that my users are usually in. And the configuration is as follows:
3005 running 4.1.7Q
PC Running Windows XP SP2 (including all current hotfixes and patches)
Symantec (Sygate) SPA 5.1 build 6501
Cisco VPN client 4.8.01.0300
If anybody could think of something I'm missing or can see something in the logs where something doesn't seem right, please let me know as I've got a huge target on my back and a herd of really irate remote users looking for me.