Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN client got Disconnected

hi all,

I am using Cisco ASA 5505 for establishing Remote access VPN

I am facing the following problems.

a. my branch office having two VPN clients.When a user connect for the first time he got connected.Then if the second user try to connect, he got connected, but the first user got disconnected.

b. After some time if the disconnected user try to connect,he got connected.

c.Both the users are using different usernames to authenticate

Head office internal network: 192.168.10.0/24

Branch office internal network:

192.168.10.0/24

Iam attaching my configuration

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.10.253 255.255.255.0

!

interface Vlan12

nameif outside

security-level 0

ip address 192.168.2.2 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 12

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

access-list inside_nat0_outbound extended permit ip any 150.1.1.0 255.255.255.0

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool remotepool 150.1.1.1-150.1.1.254 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

global (outside) 1 192.168.2.10-192.168.2.100

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 192.168.2.1 1

group-policy yyyy internal

group-policy yyyy attributes

dns-server value 212.72.23.30 212.72.23.31

vpn-tunnel-protocol IPSec

username xxxx password eY/fQXw7Ure8Qrz7 encrypted privilege 0

username xxxx attributes

vpn-group-policy yyyy

username xxxx password eY/fQXw7Ure8Qrz7 encrypted privilege 0

username xxxx attributes

vpn-group-policy yyyy

username xxxx password eY/fQXw7Ure8Qrz7 encrypted privilege 0

username xxxx attributes

vpn-group-policy yyyy

username xxxx password eY/fQXw7Ure8Qrz7 encrypted privilege 0

username xxxx attributes

vpn-group-policy yyyy

username xxxx password eY/fQXw7Ure8Qrz7 encrypted privilege 0

username xxxx attributes

vpn-group-policy yyyy

username xxxx password eY/fQXw7Ure8Qrz7 encrypted privilege 0

username xxxx attributes

vpn-group-policy yyyy

http server enable

http 192.168.10.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 set pfs

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

tunnel-group yyyy type ipsec-ra

tunnel-group yyyy general-attributes

address-pool remotepool

default-group-policy yyyy

tunnel-group yyyy ipsec-attributes

pre-shared-key *

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.10.254-192.168.10.254 inside

dhcpd enable inside

Expecting your valuable reply

1 REPLY

Re: VPN client got Disconnected

Hi,

Try enabling 'nat traversal' on ASA and give a shot.

crypto isakmp nat-traversal 20

hth

MS

204
Views
0
Helpful
1
Replies
CreatePlease login to create content