Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote Access VPN Client disconnects after 1 hour

Cisco VPN Client disconnects from ASA 5500 every hour with the error 'Secure VPN Connection Terminated by Peer. Reason 433: (Reason Not Specified By Peer).  Running the command 'sh vpn-sessiondb detail remote' shows an IPSec time out of 60 minutes, and the connection time out left corresponds with the disconnect time.

IPSecOverNatT:
  Session ID   : 2
  Local Addr   : 0.0.0.0/0.0.0.0/0/0
  Remote Addr  : XXX.XXX.XXX.XXX/255.255.255.255/0/0
  Encryption   : AES256                 Hashing      : SHA1
  Encapsulation: Tunnel
  Rekey Int (T): 28800 Seconds          Rekey Left(T): 25817 Seconds
  Conn Time Out: 60 Minutes             Conn TO Left : 10 Minutes
  Bytes Tx     : 6079                   Bytes Rx     : 76993
  Pkts Tx      : 33                     Pkts Rx      : 782

The error log from the ASA shows the following:

Jan 20 2010 08:55:54: %ASA-5-713050: Group = MecV, Username = simons, IP
= XX.XXX.X.XXX, Connection terminated for peer simons.  Reason: IPSec SA Max t
ime exceeded  Remote Proxy XXX.XX.XXX.XXX, Local Proxy 0.0.0.0
Jan 20 2010 08:55:54: %ASA-4-113019: Group = MecV, Username = domain\simons
, IP = XX.XXX.X.XXX, Session disconnected. Session Type: IPSecOverNatT, Durat
ion: 1h:00m:02s, Bytes xmt: 4592002, Bytes rcv: 36523769, Reason: Max time excee
ded

How do I change the timeout for this so the client remains connect until the idle timeout is exceeded.  For now, the Group Policy MecV has been reset with unlimited idle and connection times.

2 REPLIES
New Member

Re: Remote Access VPN Client disconnects after 1 hour

In ASDM, under Group Policy - Choose your Group Policy - General - More Options - There is Max Connect Time and Idle time out settings.

New Member

Re: Remote Access VPN Client disconnects after 1 hour

I have already set Maximun Connect Time: and Idle Timeout: to Unlimited in Group Policy.  This had no effect.  The disconnect is caused by the Connection Time Out setting when looking looking at the vpn-sessiondb details of the remote clients.

4332
Views
0
Helpful
2
Replies
CreatePlease login to create content