vpn3000 concentrator - session disconnects after 1h
We see a lot of session disconnects on our 3000, most of them just after one or two hours. The error message is allways the same in the logs : Peer Address Changed. But we also have this with pc's on the same network as the vpn server and then, there is no NAT or address change on the client PC that could trigger this. We see this with all types of cisco vpn client software : W2K, XP, MacOS. This is very annoying for our users. Anyone a solution ? A parameter we can change ?
Re: vpn3000 concentrator - session disconnects after 1h
1. As far as i can tell from the logs, yes : Even a local testpc connected to the same switch as the vpn server 'internet' port (so no firewall, ips, ... that can disturb the connection) is disconnected after 1
hour. It also happens with remote clients with or without NAT translation enabled.
2. authentication via acs towards MS AD server
I have to check the settings with my collegue who is
responsible for the vpn server (but hasn't cco access for the moment yet).
We work with 1 client certificate for all users but
users have to authenticate via the ACS against our
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...