Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Tough VPN Question

Hi, I have a Cisco ASA 5505. I have several hardware VPNs connected to it. These stay up (most of the time). However, I have a couple of users who connect using the software client. They are actually on another network so they use a split network. My network takes their traffic. I named their tunnel "companion". For these users, about once a day, or maybe every 6 hours, they lose their connection to the ASA. The lock icon still says it's connected, but they can't reach our servers. They can fix it by simply disconnecting and reconnecting the lock. I have no idea what causes this problem, but I am no Cisco expert. I attached my config. If anyone sees something I am doing grievously wrong for the Companion group or anywhere else, please tell me. It would be much appreciated. Tell me if I can provide any further information. I also pinged their internet connection and that's not it. Their internet connection stays up, but I lose the ping to their computers when this happens.

Hall of Fame Super Silver

Re: Tough VPN Question

Hello Chris,

from your configuration I see the following:

policy DfltGrpPolicy

contains the following commands:

vpn-idle-timeout none

vpn-session-timeout none

instead in the policy companion the two commands are missing.

in the section of timeouts we see:

timeout uauth 0:05:00 absolute

but you say that users are able to work for more time and the ipsec tunnel is teared down one a day or every 6 hours.

I would try to add the aforementioned commands under policy companion.

Another thought:

the ipsec connection can be closed by both sides so also have a look at vpn SW on PCs.

Hope to help


New Member

Re: Tough VPN Question


Thanks for the advice on this. I am actually a bit more confused now. Over the weekend, I was able to run the connection from my home to my office for 3 days straight. I am starting to suspect the client side network. I will implement what you have listed here and also run some tests on site over there. I will post what happens.

New Member

Re: Tough VPN Question

I had to upgrade my user's VPN client to v5.0.03 when I moved VPN from my old 3005 to the new ASA. That fixed their issues with dropping connections.