Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

vpn3000 concentrator - session disconnects after 1h

We see a lot of session disconnects on our 3000, most of them just after one or two hours. The error message is allways the same in the logs : Peer Address Changed. But we also have this with pc's on the same network as the vpn server and then, there is no NAT or address change on the client PC that could trigger this. We see this with all types of cisco vpn client software : W2K, XP, MacOS. This is very annoying for our users. Anyone a solution ? A parameter we can change ?

2 REPLIES
New Member

Re: vpn3000 concentrator - session disconnects after 1h

I have a couple of questions for you:

1. Are all your users getting disconnected after 1 or 2 hrs simultaneously?

2. How are your users getting authenticated?.Via a local database or via external aaa server?.

If via an ACS(aaa) server, could you check on the ACS Server if you have any Session Timeout settings configured either for the Group or the users.

If session timeout is set,check disabling the max connect time on the ACS makes any difference.

New Member

Re: vpn3000 concentrator - session disconnects after 1h

1. As far as i can tell from the logs, yes : Even a local testpc connected to the same switch as the vpn server 'internet' port (so no firewall, ips, ... that can disturb the connection) is disconnected after 1

hour. It also happens with remote clients with or without NAT translation enabled.

2. authentication via acs towards MS AD server

I have to check the settings with my collegue who is

responsible for the vpn server (but hasn't cco access for the moment yet).

We work with 1 client certificate for all users but

users have to authenticate via the ACS against our

Active Directory.

129
Views
0
Helpful
2
Replies