Some Users reporting the vpn tunnel will stop working after some time (while there working) or after some succesfully huge datatransfers.
VPN Endpoint is a Concentrator 3030
VPN Client is 4.6.x
We have about 300 Clients running without problem and some around 10 who are reporting this problems.
On the client site we turned on the logging and see nothing, the logging stops at the time where the connection is dead. On Concentrator site we see only the disconnect from the client (user requested) cause he reconnect the connection.
At the same time other clients working without problem. So I can say there is not a general problem with the internetlink or something in our enterprise network.
The one and only difference I know is that our normal users have a ADSL connection at home and the problem users have a bigger link like vdsl or cable.
â¢If the VPN Client is located behind a device that performs Network Address Translation (NAT)/Port Address Translation (PAT), make sure that the translation does not timeout for the VPN Client.
â¢Make sure the IKE keepalives are enabled. In some situations, it is necessary to disable this feature in order to solve the problem, for example, if the VPN Client is behind a Firewall that prevents DPD packets. In order to disable the IKE keepalives, complete these steps:
Choose Configuration > User Management > Groups.
Choose a VPN Client group that you work with, and click Modify.
On the IPSec tab, uncheck the IKE Keepalives box. Check the timeout settings on the VPN Concentrator and on the VPN Client. The timeout settings are found on the General tabs of the base group, group, and user settings. Choose Configuration > User Management.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...