Intermittent VPN connection issues

kris55s
Level 1

I have some issues going on with our VPN. Before the issues started, nothing changed in configurations. We use a VPN 3030 concentrator running version vpn3000-4.7.2.I-k9.bin.

I have had several users, all connected to our VPN from different public ISPs, complain of intermittent timeouts (their session just ends and the logs show "connection lost") and/or they connect and authenticate but cannot access any network resources. This is difficult for me to troubleshoot since I only have troubleshooting capabilities to our firewall and sight to our firewall. Our perimeter is managed by another entity and they say they have not changed anything ACL related etc. that would affect the VPN IPSec tunnels.

Anyone have any suggestions? Could this possibly be a latency issue at our Internet Access Point? Or since it just started and we have made no changes, could it just be something screwy out in the internet wasteland?

3 Replies

bwilmoth
Level 5

It may be due to a misconfigured keepalive. Try the following in the VPN concentrator:

1. Define a value under the idle timeout and Maximum connect timeout, i.e. 1440 minutes and 1440 minutes respectively, instead of mentioning 0 for unlimited.

2. Configure/enable IKE keepalives under the IPSec tab of the group configuration to keep packets flowing to the peer, i.e. the client.

3. Change the IKE keepalive by going to %System Root%\Program Files\Cisco Systems\VPN Client\Profiles on the Client PC that experiences the issue, and edit the PCF file (where applicable) for the connection.

Change the 'ForceKeepAlives=0' (default) to 'ForceKeepAlives=1'.
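
An added example (not part of the original reply and not Cisco tooling): applying step 3 to a profile's text, including the case where the `ForceKeepAlives` line is absent from the .pcf. It assumes the profile keeps its parameters in a `[main]` section; the function name and the sample profile are constructed for illustration.

```python
import re

# Matches "ForceKeepAlives=<value>", allowing the optional leading "!" that
# marks a PCF parameter as read-only in the client GUI.
KEY_RE = re.compile(r"^(!?ForceKeepAlives\s*=\s*)(\S*)", re.IGNORECASE)
SECTION_RE = re.compile(r"^\[(.+)\]\s*$")

def set_force_keepalives(pcf_text, value=1):
    """Return (new_text, action); action is 'unchanged', 'updated' or 'added'."""
    lines = pcf_text.splitlines(keepends=True)
    in_main, insert_at = False, None
    for i, line in enumerate(lines):
        section = SECTION_RE.match(line.strip())
        if section:
            in_main = section.group(1).lower() == "main"
            if in_main:
                insert_at = i + 1
            continue
        if not in_main:
            continue
        if line.strip():
            insert_at = i + 1  # position after the last non-blank [main] line
        m = KEY_RE.match(line)
        if m:
            if m.group(2) == str(value):
                return pcf_text, "unchanged"
            eol = line[len(line.rstrip("\r\n")):]  # keep this line's ending
            lines[i] = f"{m.group(1)}{value}{eol}"
            return "".join(lines), "updated"
    if insert_at is None:
        raise ValueError("no [main] section; not a VPN Client profile")
    # Key absent: append it to [main], reusing the file's own line ending.
    eol = "\r\n" if "\r\n" in pcf_text else "\n"
    if not lines[insert_at - 1].endswith(("\n", "\r")):
        lines[insert_at - 1] += eol
    lines.insert(insert_at, f"ForceKeepAlives={value}{eol}")
    return "".join(lines), "added"

# Constructed sample profile (placeholder host and group names).
SAMPLE_PCF = ("[main]\r\nDescription=Example\r\n"
              "Host=vpn.example.com\r\nGroupName=example-group\r\n")

if __name__ == "__main__":
    patched, action = set_force_keepalives(SAMPLE_PCF)
    print(action)
    print(patched)
```
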

Is the "ForceKeepAlives" something I can add to the pcf? I looked at all my profiles and the line "ForceKeepAlives" does not appear in any of them.

I am having similar issues with our VPN3005 concentrator. We are running version vpn3005-4.7.2.J. We have another VPN3005 concentrator running a much older version of the concentrator software (vpn3005-3.6.5.Rel) with an almost identical configuration that doesn't suffer from this issue. Is this related to the newer VPN3000 software?

I have the Concentrator logging to a syslog daemon and when they have problems connecting, there is nothing logged at all as if the concentrator doesn't even see the connection attempts. This even happens when we connect to the local LAN the Concentrator is on and try to connect.