Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote VPN connection drop intermittently.

Cisco VPN client remote VPN to Pix520

V6.3.4. A number of users from differnt location is having the same problem. i.e intermittently get disconnected and having to reconnect again. The time before disconnection can varies b/t 15 minutes up to just over 1 hour.

Here is the log from both the Pix and CVPN client captured when it happened.

IP address had been masked as XXX and YYY.

Logg from Pix Firewall running 6.3.4

2006-09-30 10:57:45 Local4.Info FWUDCVPN01 %PIX-6-602302: deleting SA, (sa) sa_dest= XXX.202.141.120, sa_prot= 50, sa_spi= 0xf8cdd4fc(4174238972), sa_trans= esp-des esp-md5-hmac , sa_conn_id= 6

2006-09-30 10:57:45 Local4.Info FWUDCVPN01 %PIX-6-602302: deleting SA, (sa) sa_dest= YYY.106.17.33, sa_prot= 50, sa_spi= 0x21bf705d(566194269), sa_trans= esp-des esp-md5-hmac , sa_conn_id= 5

2006-09-30 10:57:45 Local4.Info FWUDCVPN01 %PIX-6-602203: ISAKMP session disconnected (local XXX.202.141.120 (responder), remote YYY.106.17.33)

2006-09-30 10:57:46 Local4.Debug FWUDCVPN01 %PIX-7-702202: ISAKMP Phase 1 delete sent (local XXX.202.141.120 (responder), remote YYY.106.17.33)

Log from Cisco VPN client version 4.8

907 10:57:31.314 09/30/06 Sev=Info/6 IKE/0x63000055

Sent a keepalive on the IPSec SA

908 10:57:41.329 09/30/06 Sev=Info/6 IKE/0x63000055

Sent a keepalive on the IPSec SA

909 10:57:44.483 09/30/06 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = XXX.202.141.120

910 10:57:44.483 09/30/06 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from XXX.202.141.120

911 10:57:44.483 09/30/06 Sev=Info/5 IKE/0x63000018

Deleting IPsec SA: (OUTBOUND SPI = F8CDD4FC INBOUND SPI = 21BF705D)

912 10:57:44.483 09/30/06 Sev=Info/4 IKE/0x63000049

Discarding IPsec SA negotiation, MsgID=744F6167

913 10:57:44.844 09/30/06 Sev=Info/4 IPSEC/0x63700013

Delete internal key with SPI=0x5d70bf21

914 10:57:44.844 09/30/06 Sev=Info/4 IPSEC/0x6370000C

Key deleted by SPI 0x5d70bf21

915 10:57:44.844 09/30/06 Sev=Info/4 IPSEC/0x63700013

Delete internal key with SPI=0xfcd4cdf8

916 10:57:44.844 09/30/06 Sev=Info/4 IPSEC/0x6370000C

Key deleted by SPI 0xfcd4cdf8

917 10:57:45.475 09/30/06 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = XXX.202.141.120

918 10:57:45.475 09/30/06 Sev=Info/4 IKE/0x63000014

RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from XXX.202.141.120

919 10:57:45.475 09/30/06 Sev=Info/5 IKE/0x6300003C

Received a DELETE payload for IKE SA with Cookies: I_Cookie=51920D8301E57492 R_Cookie=0DC8CA40233A804A

920 10:57:45.475 09/30/06 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=51920D8301E57492 R_Cookie=0DC8CA40233A804A) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED

921 10:57:46.336 09/30/06 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=51920D8301E57492 R_Cookie=0DC8CA40233A804A) reason = PEER_DELETE-IKE_DELETE_UNSPECIFIED

922 10:57:46.336 09/30/06 Sev=Info/4 CM/0x63100013

Phase 1 SA deleted cause by PEER_DELETE-IKE_DELETE_UNSPECIFIED. 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

4 REPLIES
New Member

Re: Remote VPN connection drop intermittently.

Is the time synchronized on the clients and the PIX?

New Member

Re: Remote VPN connection drop intermittently.

Both are synch to different NTP source.

Cisco Employee

Re: Remote VPN connection drop intermittently.

Hi,

Based on the client logs, it looks like the client received an IKE Delete message from the Pix. Now, the question is.. why did the Pix send a Delete Notification.

Please post the complete logs from the VPN Client and Pix when you experience this issue.

Regards,

Arul

New Member

Re: Remote VPN connection drop intermittently.

Vpnclient and Pix Syslog. Also include "debug.txt" which have both debug cryp isakmp and debug cry ipsec.

XXX.XXX.XXX.148 being the client and gateway IP.

1026
Views
0
Helpful
4
Replies