Have a few users on Vista/7 using Windows L2TP to connect to our ASA5510. It is reported that after a few hours the connection drops. From what I have seen this can be anywhere around 5-6 hours. Of course my connection will drop after an amount of time has passed and no traffic has passed the tunnel. But the users are adamant that this drops during large transfers; i.e. not a timeout issue.
Before I spend any more time on this I just want to know if this is normal behavior for a remote access L2TP using Windows to disconnect on its own after this amount of time. Never had a reason myself to remain connected that long, and when I did I used a site 2 site tunnel.
I too am having this issue. Win7 clients connecting to an ASA 5510 get disconnected after 5-6 hours. I have an open ticket with Cisco and am working on a resolution. Yesterday it was said by Cisco that the L2TP rekey timer was shorter than the IPsec rekey timer. He reconfigured the timer, which disconnected the 11 people that were connected, but about six hours later the clients disconnected and had trouble reconnecting. We allowed remote connects from the inside interface and connected a Win7 machine and it had remained connected for 18 hours. I have found that the Cisco client will remain connected as long as you want. The difference between the two connections is that the Windows client connects as L2TPoverIPSECoverNatT and the Cisco client connects with just IPSECoverNatT. I need to get this resolved one way or another. I am going to open a case with Microsoft this morning.