VPN 3030 - VPN Client 4.x - loss of internal network access after 4 hours
- From: nick.amido@xxxxxxxxx
- Date: 11 Jul 2005 17:03:38 -0700
Ever since I upgraded the VPN code to the latest release
(vpn3000-4.7.1.Rel-k9.bin) users are now losing connection to the
internal network at the 4 hour mark. They stay connected to the VPN,
but can only ping the external interface of the concentrator. Session
timeouts are set at 48 hours.
Here is the log of the client, 13:00 is the 4 hour mark.
659 12:59:56.493 07/11/05 Sev=Info/6 IKE/0x63000054
Sent a keepailve on the IPSec SA
660 13:00:04.005 07/11/05 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 3874843677
661 13:00:04.005 07/11/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
662 13:00:04.065 07/11/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
663 13:00:04.065 07/11/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from x.x.x.x
664 13:00:04.065 07/11/05 Sev=Info/5 IKE/0x6300003F
Received DPD ACK from x.x.x.x, seq# received = 3874843678, seq#
expected = 3874843678
665 13:00:14.521 07/11/05 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 3874843678
666 13:00:14.521 07/11/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
667 13:00:14.571 07/11/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
668 13:00:14.571 07/11/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from x.x.x.x
669 13:00:14.571 07/11/05 Sev=Info/5 IKE/0x6300003F
Received DPD ACK from x.x.x.x, seq# received = 3874843679, seq#
expected = 3874843679
670 13:00:25.037 07/11/05 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 3874843679
671 13:00:25.037 07/11/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
672 13:00:25.097 07/11/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
673 13:00:25.097 07/11/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from x.x.x.x
674 13:00:25.097 07/11/05 Sev=Info/5 IKE/0x6300003F
Received DPD ACK from x.x.x.x, seq# received = 3874843680, seq#
expected = 3874843680
675 13:00:35.553 07/11/05 Sev=Info/6 IKE/0x6300003D
Sending DPD request to x.x.x.x, seq# = 3874843680
676 13:00:35.553 07/11/05 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to x.x.x.x
677 13:00:35.614 07/11/05 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
678 13:00:35.614 07/11/05 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from x.x.x.x
679 13:00:35.614 07/11/05 Sev=Info/5 IKE/0x6300003F
Received DPD ACK from x.x.x.x, seq# received = 3874843681, seq#
expected = 3874843681
This DPD (Dead Peer Detection) transaction occurs once at the 3 hour
mark, but at the 4 hour mark it occurs over and over. I've seen one
related case similar to this issue, but it was VPN on a PIX, not a
concentrator.
Thanks for any help!
Nick
.
- Prev by Date: Re: VLANs with 2950 switches
- Next by Date: Re: WAG54G LAN connection problem - help!
- Previous by thread: ADSL disconnects randomly on 2600.
- Next by thread: help with Cisco VPN certificate
- Index(es):
Relevant Pages
|
Loading
