VPN Client 4 to pix501 loss after 5 minutes

Hi

I've got the VPN Client 4.0.3(rel) and a PIX 501 running 6.3(3). I've got an IPSec VPN between the two and it's set for xauth from a CSACS server. I can initiate the VPN to the PIX and it does the user authentication properly and I get authenticated and can reach everything on the PIX inside just fine... but if I let the VPN connection go idle for a few minutes, the client shows the connection as still up, but I can no longer communicate. Any ideas? Thanks

isakmp enable outside

isakmp nat-traversal 20

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup ac5u5ers address-pool acsremote

vpngroup ac5u5ers split-tunnel ac5u5ers_splitTunnelAcl

vpngroup ac5u5ers idle-time 3600

vpngroup ac5u5ers password ********

Re: VPN Client 4 to pix501 loss after 5 minutes

I guess the problem should be with the "Idle Timeout" option. You can increase the idle timeout to a higher number. The command is:

timeout [xlate [hh:mm:ss]] [conn [hh:mm:ss]] [half-closed [hh:mm:ss]] [udp [hh:mm:ss]] [rpc [hh:mm:ss]] [h323 [hh:mm:ss]] [sip [hh:mm:ss]] [sip_media [hh:mm:ss]] [uauth [hh:mm:ss] [absolute | inactivity]]

The uauth inactivity and absolute qualifiers cause users to have to reauthenticate after either a period of inactivity or an absolute duration. Refer to http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1026093 for details.
