Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote VPN to Pix V6.3.4 problem.

Any one succesfully deploy Remote VPN using the above configuration in particular V6.3.4. I am having problem where client losing conneciton and think it is related to bug CSCef17703 " Premature invalid SPI with dynamic crypto map" but not 100% sure. Full description of problem has been described in post http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddc5b75

4 REPLIES
Silver

Re: Remote VPN to Pix V6.3.4 problem.

software upgrade to 6.3.5 will resolve the problem

New Member

Re: Remote VPN to Pix V6.3.4 problem.

I had upgraded to 6.3.5 and the connection consistently disconnected after about 30 minutes when idling. Below is the message from the client side.

"Secure VPN Connection terminated by Peer

Reason 433:(Reason Not Specified by Peer)"

Which timer do I check that disconnect after about 30 minutes?

Cisco Employee

Re: Remote VPN to Pix V6.3.4 problem.

I took a look at the logs on the Pix and VPN Client that you had posted.

From the logs, the Pix Terminated the VPN Client session because it sent out a DPD Packet to the client and did not get a response.

Do you have "isakmp keepalive" configured on the pix. If so, what are the values.

If you do not have "isakmp keepalive" configured, can you try configuring it and see if it makes a difference.

"isakmp keepalive 30 10"

Also, what is the idle timeout configured for the VPN Group the user is connecting to.

Let me know if it helps.

Regards,

Arul

New Member

Re: Remote VPN to Pix V6.3.4 problem.

I did had isakmp keepalive 3600 60 but have now change to isakmp keepalive 30 10.

Can you explain the logic behind the parameter "30 10" as I think this is a bit too excessive the no. of DPD.

115
Views
0
Helpful
4
Replies
CreatePlease to create content