Cisco VPN Client disconnects from ASA 5500 every hour with the error 'Secure VPN Connection Terminated by Peer. Reason 433: (Reason Not Specified By Peer). Running the command 'sh vpn-sessiondb detail remote' shows an IPSec time out of 60 minutes, and the connection time out left corresponds with the disconnect time.
IPSecOverNatT: Session ID : 2 Local Addr : 0.0.0.0/0.0.0.0/0/0 Remote Addr : XXX.XXX.XXX.XXX/255.255.255.255/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 25817 Seconds Conn Time Out: 60 Minutes Conn TO Left : 10 Minutes Bytes Tx : 6079 Bytes Rx : 76993 Pkts Tx : 33 Pkts Rx : 782
The error log from the ASA shows the following:
Jan 20 2010 08:55:54: %ASA-5-713050: Group = MecV, Username = simons, IP = XX.XXX.X.XXX, Connection terminated for peer simons. Reason: IPSec SA Max t ime exceeded Remote Proxy XXX.XX.XXX.XXX, Local Proxy 0.0.0.0 Jan 20 2010 08:55:54: %ASA-4-113019: Group = MecV, Username = domain\simons , IP = XX.XXX.X.XXX, Session disconnected. Session Type: IPSecOverNatT, Durat ion: 1h:00m:02s, Bytes xmt: 4592002, Bytes rcv: 36523769, Reason: Max time excee ded
How do I change the timeout for this so the client remains connect until the idle timeout is exceeded. For now, the Group Policy MecV has been reset with unlimited idle and connection times.
Re: Remote Access VPN Client disconnects after 1 hour
I have already set Maximun Connect Time: and Idle Timeout: to Unlimited in Group Policy. This had no effect. The disconnect is caused by the Connection Time Out setting when looking looking at the vpn-sessiondb details of the remote clients.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :