Cisco Support Community

New Member

ISAKMP timeout (over GPRS) ?

I have got a strange situation. If I connect to the VPN server using the home GPRS network, the VPN service works fine. As soon as the same client (same computer, same Cisco VPN client) goes abroad, there are complaints that VPN access does not work, although I see that packets come in on UDP:500.

It does seem that the ISAKMP phase times out while exchanging certificates because it takes longer from a foreign GPRS network! I tried to find how to enlarge the initial ISAKMP timeout but was not successful yet :-( Any idea?

4 REPLIES
New Member

Re: ISAKMP timeout (over GPRS) ?

But this problem does not look like something to do with timeout.

New Member

Re: ISAKMP timeout (over GPRS) ?

But ACL log shows packets are coming in:

Nov 19 15:23:23: %SEC-6-IPACCESSLOGP: list 102 permitted udp 210.117.153.165(500) -> XXX.XXX.XXX.XXX(500), 5 packets

I looked at "debug crypto isakmp" - it seemed quite normal. The idea about timeout came to my mind because if I do not enter username/password (already after ISAKMP phase with certificates is done) just for a few seconds it times out and disconnects.

New Member

Re: ISAKMP timeout (over GPRS) ?

Hi,

I've encountered the same problems with some of my users who VPN from home using GPRS. I too suspected that the connection failed because the timing for ISAKMP was 'out of sync'. So to fix that, I just switched the option on the Cisco VPN client (Properties -- Transport) to enable transparent tunneling 'IPSec over TCP' and the problem was solved. At least with TCP, it'll provide a mechanism with reliability instead of using unreliable UDP. Hope this helps in some way.

-mrew-

New Member

Re: ISAKMP timeout (over GPRS) ?

Thanks for the advice! I do suspect that my Cisco Router 3620 with IOS=c3620-ik9o3s7-mz.122-15.T9.bin does not support Transparent Tunneling over TCP? Maybe some configuration has to be done?

What kind of device are you using as VPN concentrator?
