I have some issues going on with our VPN. Before the issues started, nothing changed in configurations. We use a VPN 3030 concentrator running version vpn3000-4.7.2.I-k9.bin.
I have had several users, all connected to our VPN from different public ISP's complain of intermittent time out's (their session just ends and the logs show "connection lost") and/or they connect and authenticate but can not access any network resources. This is difficult for me to troubleshoot since I only have troubleshooting capabilities to our firewall and sight to our firewall. Our perimeter is managed by another entity and they say they have not changed anything ACL related etc. that would affect the VPN IPSec tunnels.
Anyone have any suggestions? Could this possibly be a latency issue at our Internet Access Point? Or since it just started and we have made no changes, could it just be something screwy out in in the internet wasteland?
It may due to keepalive is misconfigured: Try the following in VPN concentrator
1. Define a value under the idle timeout and Maximum connect timeout, i.e. 1440 minutes and 1440 minutes respectively, Instead of mentioning 0 for unlimited.
2. configuring/Enabling IKE keepalives under the ipsec tab fo group configuration to keep packets flowing to the peer, i.e. client.
3. Change the IKE keepalive by going to %System Root%\Program Files\Cisco Systems\VPN Client\Profiles on the Client PC that experiences the issue, and edit the PCF file (where applicable) for the connection.
Change the 'ForceKeepAlives=0' (default) to 'ForceKeepAlives=1'.
I am having similar issues with our VPN3005 concentrator. We are running version vpn3005-4.7.2.J. We have another VPN3005 concentrator running a much older version of the concentrator software (vpn3005-3.6.5.Rel) with an almost identical configuration that doesn't suffer from this issue. Is this related to the newer VPN3000 software?
I have the Concentrator logging to a syslog daemon and when they have problems connecting, there is nothing logged at all as if the concentrator doesn't even see the connection attempts. This even happens when we connect to the local LAN the Concentrator is on and try to connect.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.