Cisco Support Community
jim

Intraport client dropping connection behind Linux firewall

My Windows 2000 laptop has the Cisco Intraport 5000 V5.2.3 client loaded to connect to a corporate VPN. If the laptop is connected directly to an internet connection, everything works fine; but if the laptop is connected behind a Linux firewall computer, the VPN connection predictably fails after about 30 minutes (the time varies a good bit), and the only way to restore the connection is to reboot the laptop. The Linux firewall has IPSEC support loaded. Trying different laptops, of various makes and models, produces the same results. The connection log of the client simply shows "connection aborted". Internet access through non-vpn routes works without a problem. I suspect that either the DHCP / Proxy server at the corporate end is terminating the VPN connection, or the client software drops the VPN connection, perhaps because some kind of "status query" packets are not being answered, but that is only a guess, and I really do not know what the problem might be. Corporate support tells me to get rid of the Linux firewall and to make a direct connection, but that is not an option. Note that the Linux firewall does not support the NAT option. Can anyone familiar with the Cisco 5000 setup help me?

Thanks,

Addendum:

Here is a client debug log that shows the connection lost after about 30 minutes with rc = 232 (I assume that is an error/status code but have been unable to find out what it means).

(note: username, server and ip edited for security.)

========================================================================

Platform = Windows NT

Build # = 2195

CSDVersion = Service Pack 3

Client version = 5.2.3.1

UserName = vpnusr

IPPrimary = corp.vpn.pai.com

IPSecondary =

IPEnabled = 1

IPXEnabled = 0

NetBTEnabled = 1

ExcludeLocalLAN = 1

ExcludeDHCP = 1

UseFTCP = 0

FTCPDestinationPort = 80

System IP address = 192.168.0.101

new script: ISAKMP primary negotiation for <no id> (start)

manage @ 02/10/09 11:19:43 :: vpnusr (start)

02/10/09 11:19:43 doing ipri_init, (0 @ 0)

02/10/09 11:19:43 doing ipri_do_negotiation, (0 @ 0)

new script: ISAKMP secondary Aggr / shared-secret for vpnusr (start)

02/10/09 11:19:43 doing iass_init, (0 @ 0)

02/10/09 11:19:43 doing iass_build_pkt_1, (0 @ 0)

02/10/09 11:19:43 doing iass_send_pkt_1, (0 @ 0)

manage @ 02/10/09 11:19:43 :: vpnusr (done)

manage @ 02/10/09 11:19:43 :: vpnusr (start)

02/10/09 11:19:43 doing iass_process_pkt_2, (0 @ 0)

02/10/09 11:19:47 doing iass_rad_chal_resp, (0 @ 0)

manage @ 02/10/09 11:19:47 :: vpnusr (done)

manage @ 02/10/09 11:19:47 :: vpnusr (start)

02/10/09 11:19:47 doing iass_rad_mop_up, (0 @ 0)

manage @ 02/10/09 11:19:47 :: vpnusr (done)

manage @ 02/10/09 11:19:47 :: vpnusr (start)

02/10/09 11:19:47 doing iass_rad_mop_up, (0 @ 0)

manage @ 02/10/09 11:19:47 :: vpnusr (done)

manage @ 02/10/09 11:19:47 :: vpnusr (start)

02/10/09 11:19:47 doing iass_rad_mop_up, (0 @ 0)

02/10/09 11:19:47 doing iass_process_pkt_2, (0 @ 0)

02/10/09 11:19:48 doing iass_build_pkt_3, (0 @ 0)

02/10/09 11:19:48 doing iass_send_pkt_3, (0 @ 0)

manage @ 02/10/09 11:19:48 :: vpnusr (done)

manage @ 02/10/09 11:19:48 :: vpnusr (start)

02/10/09 11:19:48 doing iass_phase_2_start, (0 @ 0)

02/10/09 11:19:48 doing iass_last_op, (0 @ 0)

end script: ISAKMP secondary Aggr / shared-secret for vpnusr, (0 @ 0)

next script: ISAKMP primary negotiation for vpnusr, (0 @ 0)

02/10/09 11:19:48 doing ipri_negot_done, (0 @ 0)

02/10/09 11:19:48 doing ipri_start_p2, (0 @ 0)

new script: phase 2 responder for vpnusr (start)

02/10/09 11:19:48 doing rph2_init, (0 @ 0)

02/10/09 11:19:48 doing rph2_process_pkt_1, (0 @ 0)

02/10/09 11:19:48 doing rph2_build_pkt_2, (0 @ 0)

02/10/09 11:19:48 doing rph2_send_pkt_2, (0 @ 0)

manage @ 02/10/09 11:19:48 :: vpnusr (done)

manage @ 02/10/09 11:19:48 :: vpnusr (start)

02/10/09 11:19:48 doing rph2_pkt_3_wait, (0 @ 0)

02/10/09 11:19:48 doing rph2_config_SAs, (0 @ 0)

02/10/09 11:19:48 doing rph2_last_op, (0 @ 0)

end script: phase 2 responder for vpnusr, (0 @ 0)

next script: ISAKMP primary negotiation for vpnusr, (0 @ 0)

02/10/09 11:19:48 doing ipri_open_tunnel, (0 @ 0)

========================================================================

User vpnusr connected to corp.vpn.pai.com

IntraPort Version - v6.0.21.0003 (dalecki) US

IPNets Number = 1

Exclude IPNets Number = 0

Tunneled Nets IPAddress = 0.0.0.0

Tunneled Nets IPMask = 0.0.0.0

========================================================================

10/09/2002 11:19:48 <Status > V The user connected with IP Addr 208.1.148.1

02/10/09 11:19:48 doing ipri_start_maint, (0 @ 0)

new script: responder maintenance for vpnusr (start)

02/10/09 11:19:48 doing rmnt_init, (0 @ 0)

02/10/09 11:19:48 doing rmnt_maintenance, (0 @ 0)

manage @ 02/10/09 11:19:48 :: vpnusr (done)

manage @ 02/10/09 11:27:48 :: vpnusr (start)

02/10/09 11:27:48 doing rmnt_maintenance, (0 @ 0)

manage @ 02/10/09 11:27:48 :: vpnusr (done)

manage @ 02/10/09 11:35:48 :: vpnusr (start)

02/10/09 11:35:48 doing rmnt_maintenance, (0 @ 0)

manage @ 02/10/09 11:35:48 :: vpnusr (done)

manage @ 02/10/09 11:43:48 :: vpnusr (start)

02/10/09 11:43:48 doing rmnt_maintenance, (232 @ 379)

02/10/09 11:43:48 doing rmnt_last_op, (232 @ 379)

end script: responder maintenance for vpnusr, (232 @ 379)

next script: ISAKMP primary negotiation for vpnusr, (232 @ 379)

02/10/09 11:43:48 doing ipri_last_op, (232 @ 379)

end script: ISAKMP primary negotiation for vpnusr, (232 @ 379)

next script: <none> for vpnusr, (232 @ 379)

manage @ 02/10/09 11:59:06 :: vpnusr (done)

========================================================================

manage_1_conn exited with rc = 232

========================================================================

10/09/2002 11:59:06 <Status > S Connection to IntraPort lost


Re: Intraport client dropping connection behind Linux firewall

The problem must be something on the Linux firewall. Are there logs you can look through on the firewall to see what is happening at the time of failure? That's where I'd start.
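An added example, not part of the original thread and not Cisco tooling: a Python script that parses the client debug log format shown in the post, finds the first step with a nonzero status, and reports the window between the last clean maintenance pass and the first failing one, which is the interval to search in the firewall logs. The sample lines are copied from the post; treating the first number in `(232 @ 379)` as the return code is an assumption based on it matching the final `rc = 232`.

```python
import re
from datetime import datetime

# Sample input: lines copied from the client debug log in the post above.
SAMPLE_LOG = """\
02/10/09 11:19:48 doing ipri_open_tunnel, (0 @ 0)
02/10/09 11:19:48 doing rmnt_maintenance, (0 @ 0)
02/10/09 11:27:48 doing rmnt_maintenance, (0 @ 0)
02/10/09 11:35:48 doing rmnt_maintenance, (0 @ 0)
manage @ 02/10/09 11:43:48 :: vpnusr (start)
02/10/09 11:43:48 doing rmnt_maintenance, (232 @ 379)
02/10/09 11:43:48 doing rmnt_last_op, (232 @ 379)
manage @ 02/10/09 11:59:06 :: vpnusr (done)
manage_1_conn exited with rc = 232
"""

STEP = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) doing (\w+), \((\d+) @ (\d+)\)")
EXIT_RC = re.compile(r"exited with rc = (\d+)")

def ts(text):
    # The client writes YY/MM/DD: 02/10/09 is 2002-10-09, per the status lines.
    return datetime.strptime(text, "%y/%m/%d %H:%M:%S")

def summarize(log_text):
    opened = last_ok = first_fail = exit_rc = None
    passes = []  # timestamp of every rmnt_maintenance pass
    for line in log_text.splitlines():
        if m := STEP.match(line.strip()):
            when, step, code = ts(m[1]), m[2], int(m[3])
            if step == "ipri_open_tunnel":
                opened = when
            if step == "rmnt_maintenance":
                passes.append(when)
                if code == 0 and first_fail is None:
                    last_ok = when
            # Assumption: the first number of "(232 @ 379)" is the return code.
            if code != 0 and first_fail is None:
                first_fail = (when, step, code)
        elif m := EXIT_RC.search(line):
            exit_rc = int(m[1])
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(passes, passes[1:])]
    fail_at = first_fail[0] if first_fail else None
    up = (fail_at - opened).total_seconds() / 60 if opened and fail_at else None
    return {"first_fail": first_fail, "minutes_up": up, "pass_gaps_min": gaps,
            "firewall_window": (last_ok, fail_at), "exit_rc": exit_rc}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the posted log this gives maintenance passes 8 minutes apart, a first nonzero status 24 minutes after the tunnel opened, and a firewall-log search window of 11:35:48 to 11:43:48.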
