hello,
I have a Cisco router that works as a VPN server. a remote user uses Cisco VPN client 5.0.05.0290 to connect to the office resources.
Every one hour (or a few minutes less than one hour) after a connections is established, a message pops up on a user's laptop asking to re-authenticate. If you caught the mesage right away and entered same username and password that was used to establish the connection - the connections stays, but if you missed it by a minute or so - there is no indication that username/password is wrong, and it seems that the connection is still working fine, but in a few seconds a disconnect error message pops up:
"Secure VPN Connection terminated locally by the Client"
I am also attaching some debug info from the Client side...(asked for password at 14:44 and typed password 14:54 in the log)
my questions are:
1) How to make VPN client continue the connection without prompting a user to re-authenticate.
2) What's causing the router or the client to ask a user to type username/password again?
here is the config(keep in mind that I use the same crypto map for site2site vpn tunnel as well):
aaa authentication login userauthen local
aaa authorization network groupauthor local
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ******* address x.x.x.x no-xauth
crypto isakmp client configuration address-pool local vpn-users
crypto isakmp client configuration group group-name
key *****************
wins x.x.x.x
pool vpn-users
acl split-tunnel
crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac
crypto dynamic-map any-dyn 10
set transform-set 3des-md5
crypto map dc client authentication list userauthen
crypto map dc isakmp authorization list groupauthor
crypto map dc client configuration address respond
crypto map dc 2 ipsec-isakmp
set peer x.x.x.x
set transform-set 3des-md5
match address dc-vpn
crypto map dc 10 ipsec-isakmp dynamic any-dyn
ip local pool vpn-users 192.168.254.1 192.168.254.100
Thank you for helping me figure this one out.
