Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN drops when using GPRS Data Modems every 10 minutes

Greetings,

I'm having a hard time here. One our customers uses a Cisco ASA 5540(IOS 8.0(3)10) and Cisco VPN Client v.5 to establish IPSec tunnels through the Internet.

When the remote user is behind ADSL Modems or Cable Modems there is not a single drop in the connection, he's able stay connected up to 2 or 3 days straight without a single drop. But, a few users use those new GPRS Modems to get access to the Internet and then establish the IPSec Tunnel, these users get a connection drop at about every 10 or 20 minutes. They're using the same tunnel-group and group-policy attributes.

It's one of our customer requests that there are no idle nor session timeouts configured, they're both set to 'none'. NAT-T is enabled and the isakmp keepalives threshold is set to 300seconds and retry set to 2, as suggested by Cisco.

Is there any special configurations that need to be done so they can have the same behavior as the users behind ADSL modems?

Right now, the IPSec over UDP is set. The next thing I'll try is use the IPSec over TCP setting, using port 10000.

Any ideas?

Thanks in advance!

Regards, Dan

1 REPLY
Silver

Re: VPN drops when using GPRS Data Modems every 10 minutes

Then try a query with the various applications. There is a 90 second default window (set by the Peer Timeout in the VPN Client profile) before the VPN Client gives up on connectivity and brings the tunnel down.

In one case let the VPN Client terminate and see how the applications behave.

In another case restore the Internet connection after 30 seconds so that it can recover. Observe how the applications behave.

For verify the configuration and troubleshooting in Cisco ASA following guide will help you :

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/ike.html#wp1052135

216
Views
0
Helpful
1
Replies