Options
Cisco VPN server and client - connection drop
I have a Cisco 1841 router configured as Easy VPN Server. Here is the configuration of the router:
[C] Cisco# Cisco#show running-config Building configuration... Current configura - Pastebin.com
I have a Centos 5.7 server with installed Cisco VPN client for Linux. The client successfully connects to the VPN server but after 15 minutes the connection is droped.
Here is the configuration file of the Cisco VPN client:
[C] [main] Description= Host=123.123.123.123 AuthType=1 GroupName=server_6 Grou - Pastebin.com
The client allways disconnects after ~ 15:25 minutes.
I'm sure that I made a mistake into the configuration. I need to configure the client to keep the VPN connection infinite. Can you help me to fix the problem.
Best wishes Peter
Here is the output of the command sh crypto ipsec: [C] Cisco#sh crypto ipsec sa interface: FastEthernet0/0 Crypto map tag: SDM - Pastebin.com
Here is the output of the debug command into the router: [C] *Dec 6 15:37:20.571: ISAKMP
1003):atts are acceptable. *Dec 6 15:37:20.571: - Pastebin.com
Here is the log file of the Linux VPN client [C] Cisco Systems VPN Client Version 4.8.01 (0640) Copyright (C) 1998-2007 Cisco Sy - Pastebin.com
[C] Cisco# Cisco#show running-config Building configuration... Current configura - Pastebin.com
I have a Centos 5.7 server with installed Cisco VPN client for Linux. The client successfully connects to the VPN server but after 15 minutes the connection is droped.
Here is the configuration file of the Cisco VPN client:
[C] [main] Description= Host=123.123.123.123 AuthType=1 GroupName=server_6 Grou - Pastebin.com
The client allways disconnects after ~ 15:25 minutes.
I'm sure that I made a mistake into the configuration. I need to configure the client to keep the VPN connection infinite. Can you help me to fix the problem.
Best wishes Peter
Here is the output of the command sh crypto ipsec: [C] Cisco#sh crypto ipsec sa interface: FastEthernet0/0 Crypto map tag: SDM - Pastebin.com
Here is the output of the debug command into the router: [C] *Dec 6 15:37:20.571: ISAKMP
1003):atts are acceptable. *Dec 6 15:37:20.571: - Pastebin.comHere is the log file of the Linux VPN client [C] Cisco Systems VPN Client Version 4.8.01 (0640) Copyright (C) 1998-2007 Cisco Sy - Pastebin.com
Comments
-
Options
Monkerz
Member Posts: 842
This is a very big hint...[B]Dec 6 14:35:48.343: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]101[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_cool.gif[/IMG]:deleting SA reason "IKE SA Lifetime Exceeded" state (R) QM_IDLE[/B]
I also find it funny that you posted this exact same question on Cisco's forums. https://supportforums.cisco.com/thread/2119674 -
Options
rcbandit
Registered Users Posts: 4 ■□□□□□□□□□
Yes I posted it there but nobody answer me.
I saw it too. Maybe I must increase the lifetime if the key negotiation? What I must do to repair it?
Regards -
Options
ipSpace
Member Posts: 147
Hello rcbandit,
Can you please try to change from:
crypto isakmp keepalive 20 6
to crypto isakmp keepalive 20 6 periodic
Please let me know the outcome.
Thanks.
My Network & Security Blog with a focus on Fortigate. New post on how to create a fortigate ssl vpn. -
OptionsMonkerz
Member Posts: 842
Are you actively using the tunnel when the session is disconnected or is the tunnel idle for an extended period of time?