VPN drops when using GPRS Data Modems every 10 minutes
I'm having a hard time here. One of our customers uses a Cisco ASA 5540 (IOS 8.0(3)10) and Cisco VPN Client v.5 to establish IPSec tunnels through the Internet.
When the remote user is behind ADSL modems or cable modems there is not a single drop in the connection; he's able to stay connected up to 2 or 3 days straight without a single drop. But a few users use those new GPRS modems to get access to the Internet and then establish the IPSec tunnel, and these users get a connection drop about every 10 or 20 minutes. They're using the same tunnel-group and group-policy attributes.
It's one of our customer's requests that there be no idle or session timeouts configured; they're both set to 'none'. NAT-T is enabled and the isakmp keepalive threshold is set to 300 seconds and retry set to 2, as suggested by Cisco.
Are there any special configurations that need to be done so they can have the same behavior as the users behind ADSL modems?
Right now, IPSec over UDP is set. The next thing I'll try is to use the IPSec over TCP setting, using port 10000.
Re: VPN drops when using GPRS Data Modems every 10 minutes
Then try a query with the various applications. There is a 90 second default window (set by the Peer Timeout in the VPN Client profile) before the VPN Client gives up on connectivity and brings the tunnel down.
In one case let the VPN Client terminate and see how the applications behave.
In another case restore the Internet connection after 30 seconds so that it can recover. Observe how the applications behave.
To verify the configuration and troubleshoot on the Cisco ASA, the following guide will help you: