New Member

L2TP VPN ASA5520 Frequent Disconnects

I am using Microsoft Client with L2TP, Pre-Shared Secrets, on XP and Vista, to connect to an ASA5520. Remote users can connect without any problems but experience random yet frequent disconnects.

ASA log only shows session terminated by end user.

TAC has reviewed the config and all seems correct. Has anyone seen this behavior?

5 REPLIES
Silver

Re: L2TP VPN ASA5520 Frequent Disconnects

It sounds like the PCs they are testing from are misconfigured. Both the L2TP over IPSEC and Cisco client connections use UDP/500 for the first packet. If the Cisco client is not working then UDP/500 is being blocked somewhere in the path. This means if the L2TP client is not configured correctly else if configured correctly then sending a UDP/500 packet we should be seeing it on the ASA. So please make sure your client is configured correctly. If you are still getting the problem, then reset the ASA to factory default, rebuild the configuration and try it.

New Member

Re: L2TP VPN ASA5520 Frequent Disconnects

Please note that the remote clients are able to connect. I see their sessions clearly on the ASA. That is not the problem. The problem is that they can stay connected for hours, but then randomly disconnect. The disconnect happens with many different remote users, running either XP or Vista.

New Member

Re: L2TP VPN ASA5520 Frequent Disconnects

Hi,

We have the same issue. The result of our examination was that the rekeying of IPSEC/ISAKMP occurs at the same time. Because if you have configured both timers on a multiple. If you configure the timers as follows, our test clients work for days w/o interruption:

crypto dynamic-map xxx xx set security-association lifetime seconds 28801
crypto isakmp policy xx
 lifetime 86400
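The timer arithmetic behind the settings in the post above, as an added example (not part of the original post and not Cisco code). It assumes, as a simplification, that both SAs start at t=0 and are replaced exactly when their lifetime expires; the function names and the `window` parameter are hypothetical.

```python
from math import gcd

def first_exact_coincidence(ipsec_lifetime, isakmp_lifetime):
    """First second at which both lifetimes expire together (their LCM)."""
    return ipsec_lifetime * isakmp_lifetime // gcd(ipsec_lifetime, isakmp_lifetime)

def near_coincidences(ipsec_lifetime, isakmp_lifetime, horizon, window=0):
    """Return (isakmp_expiry, nearest_ipsec_expiry, gap_seconds) tuples for every
    ISAKMP expiry up to `horizon` whose nearest IPsec expiry is within `window`."""
    hits = []
    t1 = isakmp_lifetime
    while t1 <= horizon:
        k = t1 // ipsec_lifetime
        # Nearest IPsec expiry is one of the two multiples around t1 (skip t=0).
        candidates = [m * ipsec_lifetime for m in (k, k + 1) if m > 0]
        nearest = min(candidates, key=lambda t2: abs(t2 - t1))
        gap = abs(nearest - t1)
        if gap <= window:
            hits.append((t1, nearest, gap))
        t1 += isakmp_lifetime
    return hits

if __name__ == "__main__":
    week = 7 * 86400
    # Assumed model: expiry = rekey time, no jitter, common start at t=0.
    for ipsec in (28800, 28801):
        exact = first_exact_coincidence(ipsec, 86400)
        print(f"IPsec {ipsec}s / ISAKMP 86400s: first exact coincidence at {exact}s")
        print("  exact hits in one week:", len(near_coincidences(ipsec, 86400, week)))
        print("  hits within 10s in one week:",
              near_coincidences(ipsec, 86400, week, window=10))
```

Under this model, 28800 and 86400 expire together once a day, while 28801 and 86400 never share a second within any practical session length; the two expiries still land 3 seconds apart on the first day, with the gap growing by 3 seconds per day.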

New Member

Re: L2TP VPN ASA5520 Frequent Disconnects

Sorry, missed your reply...

Except for one thing, on ASA 8.0, you cannot remove the KB timeout and the time timeout does not follow the setting.

New Member

Re: L2TP VPN ASA5520 Frequent Disconnects

Yes, and I think I have traced it down, but don't have a solution...

Whatever I set for:

security-association lifetime seconds

security-association lifetime kilobytes

The ASA negotiates to:

3600 Seconds (one hour)

250000 Kbytes

and the Windows box has:

28800 Seconds (eight hours)

0 Kbytes (I assume infinite)

When the Cisco box times out, it drops the connection and does not rekey.

I have not found any solution for this.
