The clients are using Sierra Wireless 595 aircards. Attached is my ASA running config. The tunnel group PDClient is reporting the intermittent problem. I have also had the problem here and there. The default gateway on the client disappears. I do not see anything on the ASA; I see the client as still connected. I push a proxy setting from the ASA so that all traffic comes into our web filtering St.Bernard.
Now I can access all my network resources. Windows Firewall was blocking. Sorry. I also had the subnet mask for allowing access to my 10.8 network. I am going to have to wait on reports from the field if they are continuing to drop.
I added the group of PDVCSO to the permit. It is working. I am waiting on my field officers to report back to me. I will let you know the outcome. What difference should it make forcing all traffic like my original config compared to only the selected traffic when I am forcing everything through the proxy server?
Your remote clients go to the internet through the VPN tunnel into your web filtering St.Bernard? In this case my solution won't work. I think I confused this with another question; the above solution is for VPDN clients that lose local network connectivity. I apologize.
I assume what you are talking about is "Error 433" and "Error 412 remote peer no longer responding" on the VPN client side, which I encountered in another project of mine. I thought this was about idle-timeout and added the following:
group-policy policynamehere attributes
10080 minutes, pretty good, but no, this is not the issue (I hope you solve yours with just setting the timeout value above). Clients were having trouble with their local net, short disconnects or leakages in internet connectivity, and they were getting disconnected.
The first solution that I came up with was "Auto-initiation".
That was OK, but when the client disconnects, the error was popping up and auto-initiation would not function until someone clicks OK to that error. After clicking OK, the tunnel is up again in a few seconds. Maybe running the VPN client fully in CLI mode prevents that pop-up and fixes your issue.
If you ask how I ended up with the project: we asked Checkpoint to modify Secureclient for us to achieve what we want, and we deployed Checkpoint in the end. Cisco did not accept modifying their GUI software.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...