Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Freeswan with VPN Concentrator

I am trying to get a sustained Lan-to-Lan tunnel between a Linux router running Freeswan & a 3030 concentrator. The tunnel stays up OK for a while but I have noticed that when the IKE timeout comes up & the key renegotiation occurs the 3030 logs a few "Simultaneous logins exceeded for user" messages. I find this a bit odd for a Lan-to-Lan connection. Unfortunatly I don't have access to the 3030 as it is managed by an external party. They recently upgraded it to the latest code.

I do know that the Freeswan does appear to try & create a new IPSec tunnel at renegotiation time before tearing down the old. There is very little configurable at the Linux end, and due to the nature of the customer connection they have very few options there. Does anyone have any suggestions on things to try or places to look?

Thanks.

2 REPLIES
Silver

Re: Freeswan with VPN Concentrator

Your problem seems to be the same as CSCdx80492 'Simultaneous logins exceeded error misleading during external auth'. It could be a cosmetic error only. If things are working fine, you could disregard this message.

New Member

Re: Freeswan with VPN Concentrator

I couldn't locate your referance, but it does appear to be working well now. Part of the problem appeared to also relate to the IKE re-key interval. Freeswan seems to get unstable at anything less than 30 minutes. Setting the interval to 1 hour made a great improvement.

252
Views
0
Helpful
2
Replies