Cisco Support Community
Community Member

Intermittent VPN connection issues

I have some issues going on with our VPN. Before the issues started, nothing changed in configurations. We use a VPN 3030 concentrator running version vpn3000-4.7.2.I-k9.bin.

I have had several users, all connected to our VPN from different public ISP's complain of intermittent time out's (their session just ends and the logs show "connection lost") and/or they connect and authenticate but can not access any network resources. This is difficult for me to troubleshoot since I only have troubleshooting capabilities to our firewall and sight to our firewall. Our perimeter is managed by another entity and they say they have not changed anything ACL related etc. that would affect the VPN IPSec tunnels.

Anyone have any suggestions? Could this possibly be a latency issue at our Internet Access Point? Or since it just started and we have made no changes, could it just be something screwy out in in the internet wasteland?


Re: Intermittent VPN connection issues

It may due to keepalive is misconfigured: Try the following in VPN concentrator

1. Define a value under the idle timeout and Maximum connect timeout, i.e. 1440 minutes and 1440 minutes respectively, Instead of mentioning 0 for unlimited.

2. configuring/Enabling IKE keepalives under the ipsec tab fo group configuration to keep packets flowing to the peer, i.e. client.

3. Change the IKE keepalive by going to %System Root%\Program Files\Cisco Systems\VPN Client\Profiles on the Client PC that experiences the issue, and edit the PCF file (where applicable) for the connection.

Change the 'ForceKeepAlives=0' (default) to 'ForceKeepAlives=1'.

Community Member

Re: Intermittent VPN connection issues

Is the "ForceKeepAlives" something I can add to the pcf? I looked at all my profiles and the line "ForceKeepAlives" does not appear in any of them.

Community Member

Re: Intermittent VPN connection issues

I am having similar issues with our VPN3005 concentrator. We are running version vpn3005-4.7.2.J. We have another VPN3005 concentrator running a much older version of the concentrator software (vpn3005-3.6.5.Rel) with an almost identical configuration that doesn't suffer from this issue. Is this related to the newer VPN3000 software?

I have the Concentrator logging to a syslog daemon and when they have problems connecting, there is nothing logged at all as if the concentrator doesn't even see the connection attempts. This even happens when we connect to the local LAN the Concentrator is on and try to connect.

CreatePlease to create content