Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

CVPN 3005 & 3020 : Remote Access Clients frozen during 60 seconds

Good morning,

I'm encoutering an interesting issue on two different CVPN boxes (Cisco VPN 3005 and 3020).

The thing is, when remote clients connect to the VPN gateway using their Cisco VPN client, then cannot reach any of my LAN hosts for about 60 seconds despite log-in procedure has ran fine.

Then, after about 60 seconds (sometimes less), connectivity to my network works well.

While they continuously ping one of my hosts, on the CVPN WebUI, session statistics show 0 in/out encrypted packets.

TCPDump at the back of the CVPN box shows no packets sent to my network (not even arp or whatever).

Is there any option I missed on my configuration to disable this annoying freeze time?

Thanks for helping if any of you has ever solved this.

Best regards,

Gaëtan

8 REPLIES

Re: CVPN 3005 & 3020 : Remote Access Clients frozen during 60 se

I'm not aware of any such setting to sort of put a delay() function on the clients :)

Try to put the desired Phase 1 profile on the top of the VPNC IKE proposals (Global). Phase 1 Parameters are always negotiated from the global proposals (Regardless of what you put in the Group >>> Ipsec Tab

Regards

Farrukh

Community Member

Re: CVPN 3005 & 3020 : Remote Access Clients frozen during 60 se

Even if connection to the VPN gateway is established almost immediatly, do you really think phase 1 tuning might have an impact on this "delay"?

Because, during these 30~60 seconds, VPN Client is connected and IP address is given to the remote host.

Re: CVPN 3005 & 3020 : Remote Access Clients frozen during 60 se

NO Phase 1 is much before the IP assignment phase (which is part of mode config), but sometimes it takes a little time for the VPN statistics page to update. Does this happen on all clients?

Regards

Farrukh

Community Member

Re: CVPN 3005 & 3020 : Remote Access Clients frozen during 60 se

Yes, it does and to different groups as well.

Re: CVPN 3005 & 3020 : Remote Access Clients frozen during 60 se

Could this be a WAN delay or excessive load on your 3005?

Regards

Farrukh

Community Member

Re: CVPN 3005 & 3020 : Remote Access Clients frozen during 60 se

No chance.

Tested from two different ISP and got the issue on two different boxes (3305 & 3320).

Tried to reload the CVPN and upgrade to latest version without any result.

Re: CVPN 3005 & 3020 : Remote Access Clients frozen during 60 se

Ok thanks for the update.

Are you using split tunneling or local Lan access feature?

Regards

Farrukh

Community Member

Re: CVPN 3005 & 3020 : Remote Access Clients frozen during 60 se

No split-tunneling. Everything's routed through the IPSec tunnel.

Regards,

Gaëtan

166
Views
1
Helpful
8
Replies
CreatePlease to create content