In order to resolve this issue, issue the crypto isakmp keepalive command on the router in global configuration mode. This allows the gateway to send DPD messages to the peer.
If the issue is related to the PIX Firewall version 6.x, issue the isakmp keepalive 10 command in global configuration mode. For PIX version 7.x and ASA, issue the isakmp keepalive 10 command in the IPsec tunnel configuration mode.
SEV=4 AUTH/28 RPT=381 XXX.XXX.XXX.XX User [SomeUser] disconnected: Duration: HH:MM:SS Bytes xmt: 19560 Bytes rcv: 17704 Reason: Lost Service YYYY/MM/DD HH:MM:SS XXX.XXX.XXX.XXX syslog notice 45549 MM/DD/YYYY HH:MM:SS SEV=4 IKE/123 RPT=XXX.XXX.XXX.XXX Group [SomeDefault] User [SomeUser] IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
Cause: The remote IKE peer did not respond to keepalives within the expected window of time, so the connection to the IKE peer was deleted. The message includes the keep-alive mechanism used. This issue is only reproducible if the public interface is disconnected during an active tunnel session. The customer needs to monitor their network connectivity as these events are generated to pinpoint the root cause of their potential network connectivity issue(s).
Disable IKE keepalive by going to %System Root%\Program Files\Cisco Systems\VPN Client\Profiles on the Client PC that experiences the issue, and edit the PCF file (where applicable) for the connection.
Change the 'ForceKeepAlives=0' (default) to 'ForceKeepAlives=1'.
If the problem persists, open a Service Request with Cisco Technical Support and provide the Client "Log Viewer" and the VPN Concentrator logs as the problem occurs.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :