Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SEV=4 AUTH/28 disconnected: Reason: Lost Service

I have lots of users connecting remote access as well as remote 3002's disconnecting with the above message.

I have not been able to identify a trend of any kind or even find more information on what is happening to cause the disconnect.

Does anyone have an idea of the potential cause or ideas to get more infomation?

Thank you.


Re: SEV=4 AUTH/28 disconnected: Reason: Lost Service


do find the info availed from CCO..

What does the error message "Lost Service" mean?

A. If there is no traffic sent between the VPN Concentrator and the VPN Client for a period of time, a Dead Peer Detection (DPD) packet is sent from the VPN Concentrator to the VPN Client to ensure its peer is still there. If there is a connectivity issue between the two peers where the VPN Client does not respond to the VPN Concentrator, the VPN Concentrator continues to send DPD packets over a period of time. This terminates the tunnel and generates the error if it does not receive a response during that time. Refer to Cisco bug ID CSCdz45586 ( registered customers only) .

The error should look like this:

SEV=4 AUTH/28 RPT=381 XXX.XXX.XXX.XX User [SomeUser] disconnected:

Duration: HH:MM:SS Bytes xmt: 19560 Bytes rcv: 17704 Reason:


syslog notice


Group [SomeDefault] User [SomeUser]

IKE lost contact with remote peer, deleting connection (keepalive type: DPD)Cause: The remote IKE peer did not respond to keepalives within the expected window of time, so the connection to the IKE peer was deleted. The message includes the keep-alive mechanism used. This issue is only reproducible if the public interface is disconnected during an active tunnel session. The customer needs to monitor their network connectivity as these events are generated to pinpoint the root cause of their potential network connectivity issue(s).

Disable IKE keepalive by going to %System Root%\Program Files\Cisco Systems\VPN Client\Profiles on the Client PC that experiences the issue, and edit the PCF file (where applicable) for the connection.

Change the 'ForceKeepAlives=0' (default) to 'ForceKeepAlives=1'.

If the problem persists, open a Service Request with Cisco Technical Support and provide the Client "Log Viewer" and the VPN Concentrator logs as the problem occurs


New Member

Re: SEV=4 AUTH/28 disconnected: Reason: Lost Service

We found this happening on Laptops with power saving options configured to disable network ports after a short time.

No more network traffic, keepalives don't get communicated, session is idled, deactivate session