Cisco Support Community
New Member

Watchchild Client over RA VPN "Lost Client-Server Communication"

I recently began a job as a network administrator. Before this job I worked with Cisco UC. I have very little experience with the Cisco ASA and I am hitting a wall.

We have a system named Watchchild, that connects to some medical monitoring equipment.  With a client installed on a Windows workstation one can connect to the Watchchild server and view some medical graphs. 

The Watchchild system resides within our LAN/Datacenter and clients within the same LAN can communicate with the Watchchild server without interruption. We also have a remote site that is connected via a remote-access IPSec VPN tunnel. The clients connected using this VPN tunnel lose communication with the Watchchild server intermittently. The amount of time varies. I would guess between 1 and 5 minutes. This happens more often if both remote access clients are connected at the same time.

When the remote access clients lose communication they see a "lost client-server communication" error. The ASDM monitoring feature shows that the tunnel is still up and the TX and RX packet counters increment with time. You can click retry within the client to clear the error and begin viewing the graphs again. The ASA debugs don't show any unusual errors, for example packets being dropped. I don't have any type of ACL or filter applied to this profile, so I wouldn't expect it to be restricting certain ports or networks.

The vendor said that the client-server communication uses TCP ports 8000 - 8010 and UDP port 11002. I've confirmed this by using the netstat command in Windows. Can any of you suggest where to look to identify if this could be due to the ASA manipulating or blocking the traffic being passed between the client and the server? I thought that it could possibly be a latency/delay issue, but our average response time is 55 ms and the maximum I've seen is 110 ms. The vendor said that anything less than 500 ms should be okay.

Thank you in advance for any assistance or guidance you can offer.

New Member

Watchchild Client over RA VPN "Lost Client-Server Communication"

The Watchchild application was very dependent on MAC addresses. Unfortunately, because the Cisco VPN client uses a virtual interface whose MAC address is not unique between clients, it was causing "conflicts". They had to modify a value in a configuration file of theirs to resolve the issue.
