VPN disconnect issue: keepalives don't seem to work....

I have one user that I have had a heck of a time getting connected to our VPN. She is based at the county courthouse, so we have to go through their network and I am not sure how to totally pin the blame on them or if it me.

She will get disconnected at random times (< 10 minutes). Our default time for possibly timing out is 30 minutes. I did something different today and did a continuous ping to her VPN IP and it has kept the connection open.

As soon as I stopped the ping, within a couple minutes the connection was dead. Everyone else (approx 6 users right now) work just perfectly. My boss for example has been working from home today and has been connected for almost 7 hours straight.

The ping is not the answer I am looking for. All users are using the same tunnel group and policy. So its not like I have a policy different for one person.

any thoughts? I am totally out of ideas....

Heya timparker!!

I am having the same problem with our VPN at the office. I have about 45 VPN users, I would say about 4 or 5 of them have the problem your describing below.

We are running on an older Cisco VPN piece of hardware. Its a VPN Concentrator 3000.

I pumped my Idle Timeout to 120 for those particular users, and it still doesn't help.

What VPN hardware are you using? And what client?


Cheers,

ZiPPy

Hey. We have a Cisco ASA 5505 and the client is currently what came with it. i haven't looked for a newer version so far but that might be happening soon.....It is version 5.0.02.0090. Naturally, my boss now has to be having the problem.....

I only like 4-5 users on there right now and they are the only ones with the trouble.

I downloaded a newer version last night, but screwed up the laptop install so I gave up. The new version is something like 5.0.05.0290 I think. It was the newest one that they had.

Going to install now.

Well the new version installed just fine once I was on the network. For some reason last night it said that it installed but wasn't there. I logged back in to the laptop and it started the install over again. I printed out all the readme.txt files of the versions between where I was and the newest one (only 3) and the only possible issue that I see is:

CSCsi26001 unity xp-vista: reauth on rekey with saved password causes disconnect

We have XP on all the machines now. I do see the following that is listed in all 3 readme files.

Workarounds for Vista:
Error 412: The remote peer is no longer responding
Upgrade local NAT device's firmware
If this is not possible, switch to TCP
If this is not possible, use the following keyword in connection profile (*.pcf):UseLegacyIKEPort=1


But since I don't have Vista anywhere. I am going to check on the routers that these two are using. The one I know is older as I donated it to use, as the one they had there was way older. I believe I am already set to use TCP for this. So I am hoping for a potential router problem at these two locations.

I have set up a new tunnel group and policy just for me to test with and set it to allow it to save the password, but I never seem to get disconnected at all when in the office and going back out to the Cisco.....so maybe I should go back home and test....hehe.

Another small update, it does appear that we are running the transport as IPSec/UDP. I tried changing it on the client to use TCP and it won't seem to connect. Not sure so far what to change on the ASA config to allow it to work......