Cisco Support Community
New Member

VPN Client + IPSEC disconnection

I am having trouble diagnosing (or even understanding why it happens) a software VPN IPSEC disconnection problem to a PIX 515. I have several (20) salesmen roaming about using the latest VPN client 3.5.x, and when they use dialup, they get an IPSEC disconnection error. It could happen once during a session, or 10 times. People using the same client over a broadband connection get the same error, but not as often, or not at all. The first thing that I thought was that the dialup connection was being dropped, but it never does. I have split-tunneling enabled on the connections. Has anyone else seen this situation? Could someone point me to where I should start looking? The strange thing is that IPSEC could be dropped at the beginning of a session, or 10 minutes after the tunnel has been established. I'm stunned.


New Member

Re: VPN Client + IPSEC disconnection

You may want to tell the client to try this, assuming they are using Cisco VPN Clients for Windows:

Allowing the VPN Client to Work Through ESP-Aware NAT/Firewalls

When using the VPN Client behind an ESP-aware NAT/Firewall, the port on the NAT/Firewall device may be closed due to the VPN Client’s keepalive implementation, called DPD (Dead Peer Detection). When a Client is idle, it does not send a keepalive until it sends data and gets no response.

To allow the VPN Client to work through ESP-aware NAT/Firewalls, add the following parameter and setting to the [Main] section of any *.pcf (profile configuration file) for the affected connection profile.

This parameter enables IKE and ESP keepalives for the connection at approximately 20 second intervals.

For more information, see “Connection Profile Configuration Parameters” in the VPN Client Administrator Guide.
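The mechanism described in the reply above, modelled as an added example (not code from the thread or from Cisco): it computes when a NAT/firewall state entry times out under idle-only behaviour versus keepalives every 20 seconds. The 60-second idle timeout, the traffic traces and the function names are assumptions made for illustration.

```python
# Added illustration: NAT/firewall state entry vs. client keepalive behaviour.
# All values below are constructed; NAT_IDLE_TIMEOUT is an assumed figure.

NAT_IDLE_TIMEOUT = 60      # seconds of outbound silence before the entry is removed (assumed)
KEEPALIVE_INTERVAL = 20    # "approximately 20 second intervals" from the quoted text
SESSION_END = 900          # constructed 15-minute session

# Constructed traces: seconds after tunnel establishment at which the user sends data.
BURSTY = [5, 12, 30, 200, 210, 600]
BUSY_THEN_IDLE = list(range(10, 601, 10))


def outbound_times(data_times, session_end, keepalive_interval=None):
    """All moments the client emits a packet: user data plus periodic keepalives, if enabled."""
    times = set(data_times)
    if keepalive_interval:
        times.update(range(keepalive_interval, session_end + 1, keepalive_interval))
    return sorted(times)


def first_expiry(data_times, session_end, nat_timeout, keepalive_interval=None):
    """Return the time the NAT entry first times out, or None if it survives the session."""
    last_seen = 0  # tunnel setup at t=0 creates the entry
    for t in outbound_times(data_times, session_end, keepalive_interval) + [session_end]:
        if t - last_seen > nat_timeout:
            return last_seen + nat_timeout
        last_seen = t
    return None


if __name__ == "__main__":
    for name, trace in (("bursty", BURSTY), ("busy then idle", BUSY_THEN_IDLE)):
        idle_only = first_expiry(trace, SESSION_END, NAT_IDLE_TIMEOUT)
        forced = first_expiry(trace, SESSION_END, NAT_IDLE_TIMEOUT, KEEPALIVE_INTERVAL)
        print(f"{name}: no periodic keepalive -> {idle_only}, every 20 s -> {forced}")
```

In this model the entry can expire early in a session or after ten minutes of steady use, depending only on when the user goes quiet, and a keepalive interval longer than the device's idle timeout does not prevent it.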
