VPN client disconnects after 2 hours

Similar Questions

• TC6 Firmware - call disconnects after 2 hours

  Hi all

  Our client complains that after the firmware update on the endpoints of telepresence (C40, C60, EX90) to TC6.x, there are two questions:

  1 end with TC6.x points will disconnect after 120 minutes to be connected to any appeal initiated by the remote end.  They will not cut the minute 120 if the TC6.x Unit has initialized the call.

  2 end points with TC6.x cannot connect to units MXP running F6 or earlier.  Since we MXP Codec Software F6 and F5 this is causing problems with the calls point to point.

  They have units with the TC5.1.6 software which have no problem at all. The only thing among others as the routers and switches is a VCS controller.

  Anyone has any ideas on what is the cause?

  Thank you

  John

  In TC6, we turned silently on TCP KeepAlive for the session h225 running with the default time of linux tcp_keepalive_time of 7200 seconds.  That would probably explain the disconnection to 120 minutes which sees the John after moving from TC5.1.6.

  I would also say that if this is the case, there is something which is tcp to the current between the two devices.  The firewall is also my first thought.  Perhaps WAAS on a router?  Sometimes you can get a clue that this is occurring by comparing the tcp ack/seq/windowsize header to see if it is different between the sending to the receiving side for the same package.  Something like 'tcpdump-s0 w /tmp/h225.pcap port 1720' root must limit the collected output.

  The TC6 troubleshooting located here would be a good reference in newspapers and tcpdump to use for troubleshooting signaling related issues:

  http://www.Cisco.com/en/us/docs/Telepresence/endpoint/codec-c-series/TC6/troubleshooting_guide/tc_troubleshooting_guide_tc60.PDF

  The example uses this doc does not filter the traffic and John you do not want to limit the output of tcpdump only for signalling interesting to avoid problems with the size of the OCAP collected file.

  We have a bug open better control KeepAlive on the session h225 (CSCub20591) but not clear if/when it will be executed and for now if there is something that is expire tcp sessions in the network, changes will be made here to avoid this problem.

  For the 2nd question, I'm not aware either a problem with older MXP but your approach Martin to try a later version of the software would also be what I would recommend.  If you need to solve problems with old software MXP TC6, the same troubleshooting guide h323 newspapers are where you want to focus on to see where in the handshake the call fails and compare this output between TC6 and TC5.1.6 as to what has changed that can have an impact on this.

• % 305013-5-ASA: rules asymmetrical NAT matched for flows forward and backward; Connection refused because of the failure of the path opposite. NAT VPN clients problems after that put 8.3.2 to level.

  I've recently updated to 8.3.2 and I have been informed of these NAT changes, but even after reading the https://supportforums.cisco.com/docs/DOC-12569 I am still unable to rectify the communication network 192.168.100.0 VPN with hosts on 172.16.1.0 and 172.16.9.0. VPN clients connect to the external interface, and I try to ping inside and the demilitarized zone, respectable 172.16.1.0 and 172.16.9.0 hosts. VPN client shows that the two previously mentioned networks such as roads of security, but still not to the ping pong.

  # sh nat

  Manual NAT policies (Section 1)

  1 (inside) to the (whole) source static obj - 172.16.9.0 obj - 172.16.9.0 destination static obj - obj - unidirectional 192.168.100.0 192.168.100.0

  translate_hits = 0, untranslate_hits = 0

  2 (inside) to the (whole) source static obj - 172.16.1.0 obj - 172.16.1.0 destination static obj - obj - unidirectional 192.168.100.0 192.168.100.0

  translate_hits = 0, untranslate_hits = 0

  3 (inside) to the (whole) source static obj - 172.16.1.0 obj - 172.16.1.0 destination static obj - 172.16.12.0 obj - one-way 172.16.12.0

  translate_hits = 0, untranslate_hits = 0

  4 (dmz) to (outside) source static obj - 172.16.9.0 obj - 172.16.9.0 destination static obj - obj - unidirectional 192.168.100.0 192.168.100.0

  translate_hits = 0, untranslate_hits = 0

  5 (dmz) to (outside) source static obj - 172.16.9.0 obj - 172.16.9.0 destination static obj - 172.16.12.0 obj - one-way 172.16.12.0

  translate_hits = 0, untranslate_hits = 0

  Auto NAT policies (Section 2)

  1 (dmz), to the source (external) static obj - 172.16.9.5 interface tcp www www service

  translate_hits = 0, untranslate_hits = 142

  2 (dmz) (outdoor) source static obj - 172.16.9.5 - 01 interface service tcp 3389 3389

  translate_hits = 0, untranslate_hits = 2

  3 (dmz) (outdoor) source static obj - 172.16.9.5 - 02 interface tcp ldap ldap service

  translate_hits = 0, untranslate_hits = 0

  4 (dmz) (outdoor) source static obj interface - 172.16.9.5 - 03 service ftp ftp tcp

  translate_hits = 0, untranslate_hits = 0

  5 (dmz) to (outside) of the source static obj - 172.16.9.5 - 04 interface tcp smtp smtp service

  translate_hits = 0, untranslate_hits = 267

  6 (inside) source static obj - 172.16.9.0 172.16.9.0 (dmz)

  translate_hits = 4070, untranslate_hits = 224

  7 (inside) to (dmz) source static obj - 10.1.0.0 10.1.0.0

  translate_hits = 0, untranslate_hits = 0

  8 (inside) to (dmz) source static obj - 172.16.0.0 172.16.0.0

  translate_hits = 152, untranslate_hits = 4082

  9 (dmz) to dynamic interface of the obj - 172.16.9.0 - 01 source (outdoor)

  translate_hits = 69, untranslate_hits = 0

  10 (inside) to the obj_any interface dynamic source (external)

  translate_hits = 196, untranslate_hits = 32

  I think you must following two NAT config

  NAT (inside, outside) source static obj - 172.16.1.0 obj - 172.16.1.0 destination static obj - 192.168.100.0 obj - 192.168.100.0
  NAT (dmz, external) source static obj - 172.16.9.0 obj - 172.16.9.0 destination static obj - 192.168.100.0 obj - 192.168.100.0

  Please configure them and remove any additional NAT configuration and then try again.

• UC500 and IPsec VPN client - disconnects

  Just throw a question out there.
  I have a UC560 running uc500-advipservicesk9 - mz.151 - 2.T2 site HQ.  Remote users, about 8 of them, attempt to connect via IPsec VPN (v5.0.07.0440) HQ clients to access files, etc..  The behavior I see is 5 users to connect successfully, but only 5.  As soon as more users trying to connect, they have either:

  1. connect with success for a minutes, then unmold
  2. get a 412, remote peer is not responding
  3. connect, but someone of another session kickoff.

  Users use the same VPN profile, but with names of single user and passwords.

  Here are some of the CPU configs for VPN clients
  Configuration group customer crypto isakmp USER01
  key *.
  DNS 192.168.0.110
  pool USER01_POOL
  ACL USER01_ACL

  local RAUTHEN AAA authentication login
  permission of AAA local RAUTHOR network authenticated by FIS

  Crypto isakmp USER01_PROF profile
  match of group identity USER01
  list of authentication of client RAUTHEN
  RAUTHOR of ISAKMP authorization list.
  client configuration address respond

  crypto ISAKMP policy 1
  BA 3des
  md5 hash
  preshared authentication
  Group 2
  crypto ISAKMP policy 10
  BA aes
  preshared authentication
  Group 2
  lifetime 28800
  crypto ISAKMP policy 100
  BA aes
  preshared authentication
  Group 2
  life 3600
  crypto ISAKMP policy 1000
  BA 3des
  preshared authentication
  Group 2

  I enabled debugging
  Debug crypto ISAKMP
  Debug crypto ipsec

  Here are some of the things that I see on him debugs
  604899: 16:41:13.333 Aug 21: ISAKMP: (2073): HASH payload processing. Message ID = 284724149
  604900: 16:41:13.333 Aug 21: ISAKMP: (2073): treatment protocol NOTIFY DPD/R_U_THERE 1
  0, message ID SPI = 284724149, a = 0x8E7C6E68
  604901: 16:41:13.333 Aug 21: ISAKMP: (2073): error suppression node 284724149 FALSE reason 'informational (en) State 1.
  604902: 16:41:13.333 Aug 21: ISAKMP: (2073): entry = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
  604903: 16:41:13.333 Aug 21: ISAKMP: (2073): former State = new State IKE_P1_COMPLETE = IKE_P1_COMPLETE

  581504: 16:59:12.805 Aug 20: ISAKMP: (2147): purge the node-1455244451
  581505: 16:59:12.805 Aug 20: ISAKMP: (2147): purge the node 840814618
  581506: 16:59:13.933 Aug 20: ISAKMP (2147): received 201.195.231.162 packet dport 4500 sport 37897 Global (R) QM_IDLE
  581507: 16:59:13.933 Aug 20: ISAKMP: node set 801982813 to QM_IDLE
  581508: 20 August 16:59:13.933: ISAKMP: (2147): HASH payload processing. Message ID = 801982813
  581509: 16:59:13.933 Aug 20: ISAKMP: receives the payload type 18
  581510: 16:59:13.933 Aug 20: ISAKMP: (2147): treatment remove with load useful reason
  581511: 16:59:13.933 Aug 20: ISAKMP: (2147): remove the doi = 0
  581512: 16:59:13.933 Aug 20: ISAKMP: (2147): remove Protocol id = 1
  581513: 16:59:13.933 Aug 20: ISAKMP: (2147): remove spi_size = 16
  581514: 16:59:13.933 Aug 20: ISAKMP: (2147): remove the spis num = 1
  581515: 16:59:13.933 Aug 20: ISAKMP: (2147): delete_reason = 2
  581516: 20 August 16:59:13.933: ISAKMP: (2147): load DELETE_WITH_REASON, processing of message ID = 801982813, reason: DELETE_BY_USER_COMMAND
  581517: 16:59:13.933 Aug 20: ISAKMP: (2147): peer does not paranoid KeepAlive.

  581518: 16:59:13.933 Aug 20: ISAKMP: (2147): peer does not paranoid KeepAlive.

  581519: 16:59:13.933 Aug 20: ISAKMP: (2147): removal of State of SA reason 'Order BY user' (R) QM_IDLE (post 201.195.231.162)
  581520: 16:59:13.933 Aug 20: ISAKMP: (2147): error suppression node 801982813 FALSE reason 'informational (en) State 1.
  581521: 16:59:13.933 Aug 20: ISAKMP: node set-878597687 to QM_IDLE
  581522: 20 August 16:59:13.937: ISAKMP: (2147): lot of 201.195.231.162 sending peer_port my_port 4500 37897 (R) QM_IDLE
  581523: 16:59:13.937 Aug 20: ISAKMP: (2147): sending a packet IPv4 IKE.
  581524: 16:59:13.937 Aug 20: ISAKMP: (2147): purge the node-878597687
  581525: 16:59:13.937 Aug 20: ISAKMP: (2147): entry = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
  581526: 16:59:13.937 Aug 20: ISAKMP: (2147): former State = new State IKE_P1_COMPLETE = IKE_DEST_SA

  I opened a case with TAC on this and they do not understand what is the cause.  For them, it looks like a bug without papers.  And their recommendation is to reboot, upgrade or try configuring L2TP for remote users.

  Thank you

  JP

  JP,

  An update of IOS is worth it, even if him debugs seems to indicate that there is a problem with the client. If possible, I always suggest test with another client to see if it is unique to the Cisco VPN Client on Win7. Regarding the limit of 20 tunnel, it is very probably the number of IPsec security associations. If you issue a 'show crypto eli', this example displays the number of Sessions that are currently active IPSec.

  HTH,

  Frank

• VPN client hangs after password authentication

  Hello

  When a remote client tries to establish a VPN session with our (6.3 ongoing) Pix Firewall, it crashes right after the prompt of password with this message (see attachment). When I try the same all works very well. I've included bits of code, I think that relate to their installation.

  name 128.51.0.3 ATG-STELPLAN-Svr

  name 128.60.4.4 ATG-Irish-EMS-Svr

  name 194.201.29.0 LAN-Metalogic

  name 192.168.2.0 LAN-Metalogic2

  name 128.31.1.78 MultiMetals-new-Svr

  name 10.10.253.253 Metalogic_Support_Host

  acl_mdc_inside_nat0 list of allowed access host ip host MultiMetals-new-Svr Metalogic_Support_Host

  acl_mdc_inside_nat0 list of allowed access host ip host EMS Metalogic_Support_Host

  acl_mdc_inside_nat0 list of allowed access host ip host ATG-EMS1 Metalogic_Support_Host

  acl_mdc_inside_nat0 list of allowed access host ip host ATG-STELPLAN-Svr Metalogic_Support_Host

  acl_mdc_inside_nat0 list of allowed access host ip host ATG-Irish-EMS-Svr Metalogic_Support_Host

  acl_mdc_Metalogic-remote_split_tunnel permitted object-group Murray_Subnets ip access-list all

  Metalogic_Pool Metalogic_Support_Host local pool IP 255.255.255.255 mask

  NAT (inside) 0-list of access acl_mdc_inside_nat0

  vpngroup address pool Metalogic_Pool Metalogic_Support

  vpngroup Metalogic_Support by default-field carnegie - it.com

  vpngroup split acl_mdc_Metalogic-remote_split_tunnel tunnel Metalogic_Support

  vpngroup idle 1800 Metalogic_Support-time

  vpngroup password Metalogic_Support *.

  Help, please.

  Thank you

  Rex

  Well, if they have a Linux IPSEC firewall will pass through. A similar problem and the issue of the Linux not passed IPSEC traffic. I suggested to the other party to try the laptop worked outside area and power.

  Therefore, do not worry coz your configuration is correct.

  Let me know if you need help,

  Kind regards

• VMware client disconnects after a black screen

  Hello

  I've just implemented vmware view our cluster that works very well internally without problems.

  But from the outside when I connect via vmview client, first it connects then shows my desktop with Betclic after I confirm the SSL security and then it waits a few seconds then connects but the screen remains black and then closes the connection by saying: 'the connection to the remote computer is complete.'

  I double checked all the settings of the firewall and ports.

  Someone had this problem?

  I was wondering if I'm missing something somewhere

  Thank you

  My first step would be to review this document.  http://communities.VMware.com/docs/doc-14974    He goes over everything you need for the implementation of remote access.

• Satellite L650D - Internet disconnects after 1 hour

  Hey guys,.

  I recently bought a Toshiba Satellite L650D. For a week, I tried to figure out why my laptop freezes and my internet connection disconnects. It seems that my CARD without WIRE of BROADCOM 802.11n driver.

  Can someone help me find a new driver that has this fixed thing?

  Thank you

  Hello

  > can someone help me find a new driver that has this fixed thing?

  have you checked if the updated wlan driver available on the Toshiba driver? You can also go to the vendor's site and check for a new driver released.

• Cannot ping inside the vpn client hosts. It's a NAT problem

  Hello everyone, I'm running into what seems to be a cause of exclusion with an IOS IPSEC VPN NAT/nat. I can connect to the VPN with cisco IPSEC VPN client, and I am able to authenticate. Once I have authenticate, I'm not able to reach one of the guests inside. Below is my relevant config. Any help would be greatly appreciated.

  AAA new-model

  !

  !

  AAA authentication login default local

  radius of group AAA authentication login userauthen

  AAA authorization exec default local

  AAA authorization groupauthor LAN

  crypto ISAKMP policy 3

  BA 3des

  preshared authentication

  Group 2

  !

  ISAKMP crypto client configuration group businessVPN

  key xxxxxx

  DNS 192.168.10.2

  business.local field

  pool vpnpool

  ACL 108

  Crypto isakmp VPNclient profile

  businessVPN group identity match

  client authentication list userauthen

  ISAKMP authorization list groupauthor

  client configuration address respond

  !

  !

  Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT

  !

  Crypto-map dynamic dynmap 10

  Set transform-set RIGHT

  Define VPNclient isakmp-profile

  market arriere-route

  !

  !

  10 ipsec-isakmp crypto map clientmap Dynamics dynmap

  interface Loopback0

  IP 10.1.10.2 255.255.255.252

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP virtual-reassembly

  !

  Null0 interface

  no ip unreachable

  !

  interface FastEthernet0/0

  IP 111.111.111.138 255.255.255.252

  IP access-group outside_in in

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  NAT outside IP

  inspect the outgoing IP outside

  IP virtual-reassembly

  automatic duplex

  automatic speed

  clientmap card crypto

  !

  the integrated-Service-Engine0/0 interface

  description Locator is initialized with default IMAP group

  IP unnumbered Loopback0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP virtual-reassembly

  ip address of service-module 10.1.10.1 255.255.255.252

  Service-module ip default gateway - 10.1.10.2

  interface BVI1

  IP 192.168.10.1 255.255.255.0

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP nat inside

  IP virtual-reassembly

  IP nat inside source static tcp 192.168.10.2 25 interface FastEthernet0/0 25

  IP nat inside source static tcp 192.168.10.2 443 interface FastEthernet0/0 443

  IP nat inside source static tcp 192.168.10.2 3389 interface FastEthernet0/0 3389

  IP nat inside source map route nat interface FastEthernet0/0 overload

  nat extended IP access list

  deny ip 192.168.10.0 0.0.0.255 192.168.109.0 0.0.0.255

  refuse the 10.1.1.0 ip 0.0.0.255 192.168.109.0 0.0.0.255

  ip licensing 10.1.1.0 0.0.0.255 any

  permit ip 192.168.10.0 0.0.0.255 any

  sheep extended IP access list

  permit ip 192.168.10.0 0.0.0.255 192.168.109.0 0.0.0.255

  ip permit 10.1.10.0 0.0.0.255 192.168.109.0 0.0.0.255

  ip licensing 10.1.1.0 0.0.0.255 192.168.109.0 0.0.0.255

  outside_in extended IP access list

  permit tcp object-group Yes_SMTP host 111.111.111.138 eq smtp

  permit any any eq 443 tcp

  permit tcp 20.20.20.96 0.0.0.31 host 111.111.111.138 eq 3389

  permit tcp 20.20.20.96 0.0.0.31 host 111.111.111.138 eq 22

  allow any host 111.111.111.138 esp

  allow any host 111.111.111.138 eq isakmp udp

  allow any host 111.111.111.138 eq non500-isakmp udp

  allow any host 111.111.111.138 ahp

  allow accord any host 111.111.111.138

  access-list 108 allow ip 192.168.109.0 0.0.0.255 192.168.10.0 0.0.0.255

  access-list 108 allow ip 192.168.109.0 0.0.0.255 10.1.1.0 0.0.0.255

  access-list 108 allow ip 192.168.109.0 0.0.0.255 10.1.10.0 0.0.0.255

  !

  !

  !

  !

  route nat allowed 10 map

  match ip address nat

  1 channel ip bridge

  In my view, the acl applied to customer is back. It must allow traffic from the internal network to the pool of customers.

  To confirm, you can open the Cisco VPN client statistics (after login) then go in the route Details tab. We should see the networks you should be able to reach the customer. Make sure that the good ones are here.

  Kind regards

• Cisco VPN Client with Windows 7 Home Premium 64-bit

  I recently bought a new laptop with Windows 7 Home Premium 64-bit.   I need to connect to a VPN IPSEC to work.  I tried the current VPN client and after reading the posts in this group, I tried vpnclient-win-msi-5.0.07.0240-k9-BETA.exe.  When I tried to install the beta version, I get the following error message:

  Error 28011: Windows 64-bit is not supported by Cisco Systems VPN Client 5.0.07.0240.

  Any suggestion would be appreciated.

  Hello

  You should download the 64-bit version. vpnclient-winx64-MSI-5.0.07.0240-K9-Beta.exe is the version you tried to install the 32-bit version

  Thank you

  John

• 'Connected' but 5.0.07.0440 VPN client does not work

  Hello

  IMPORTANT THING I FORGOT: the customer seems to be connected. It shows a lock locked and says connected but ping shows that nothing is not working too.

  I recently tried, in vain, to connect my win7 64 bit laptop to my place of work with the Client VPN 5.0.07.0440. All technitians and support staff could not understand the problem that prevented successful login. Later, I could connect my laptop using the VPN Client 5.0.07.0410 - same home network via an old k9, winXP.

  What could be the problem with Win7 system? Work on my old laptop is a temporary solution, but not a good thing. I would be grateful for all the help I can get.

  I tried:

  -For each access to the Cisco VPN client on my ZoneAlarm firewall.

  -Turning off the firewall completely.

  -Connect to a different network (in an Internet Café).

  Personal support at work said this isn't the network (they checked my too just in case wifi router settings) from my old computer obviously connects without any problem on the first try.

  ANY ideas would be very appreciated!

  Here is the info yet:

  -Cisco VPN Client 5.0.07.0440

  -64-bit Windows 7 Home Premium SP 1.

  My security software (which may cause the problem as far as I know, even if I close ZoneAlarm):

  -Free firewall zone alarm

  -Microsoft Security Essentials.

  (maybe windows firewall too, if it automatically restarts when I turned off zone alarm)

  IMPORTANT THING I FORGOT: the customer seems to be connected. It shows a lock locked and says connected but ping shows that nothing is not working too.

  Hello

  VPN client traffic is not transmitted from your computer to the VPN at all tunnel.

  It's if you have even tried the connection to the remote server before you took this screenshot?

  ID say it is a problem with your computer. Some software cause problems for the VPN Client or Client VPN software has problems with the network card real or something similar.

  One thing I might suggest is uninstall the firewall software and the VPN Client. After that, it is enough to install the VPN Client and try to login and check the statistics of same as in the pictures above.

  -Jouni

  EDIT: Whoa 300 posts already

  Edit2: If you have a full VPN tunnel, your computer must usually generate connections to the VPN tunnel even if you do not manually connect what either. What makes it even more strange that there are absolutely no traffic in the tunnel. Full VPN tunnel means that all traffic from your computer is transferred to the VPN tunnel when his assets.

• Disconnect after...

  In my settings of pools, I have the option "disconnect after automatically disconnect" value "after 120 minutes '... Yes, there are a lot of days, when I look at my active remote sessions and I'll see a user state is "disconnected" and they will be disconnected for 4 or 6 or even 16 hours. I thought by the option I put in the settings of the pool, they would be disconnected after 2 hours?

  Can someone clarify the situation

  THX

  Mike

  I noticed this also in our environment. According to VMware support, this number is from when the user first connects not only the time elapsed since the disconnection. So if they keep disconnect and reconnect it will continue until they hit the total connection time.

• PC disconnects the VPN after several hours, can not reconnect until you restart the PC.

  Hello

  I started to use a VPN private for a video game in general since last month, but I started to run into a problem, I can't fix... my PC tends to disconnect the VPN after awhile (6 ~ 12 hours of use?) and I can't reconnect to any VPN until I restart my PC.

  However... my normal internet connection seems to work very well.

  When I try to reconnect to the VPN after I fell, I'm greeted by this error:
  http://PUU.sh/bicqT/0a6f1f8537.PNG

  I'm on Windows 7 64 bit and I use the VPN client by default windows... idk what's his name, it's putting you in the network and sharing Center.

  I tried the following things:
  * restart the network map
  diagnose the issue with windows network diagnostics 7
  * / Clear DNS cache
  * / release and / renew lease
  * reset the internet connection
  * using the internet connection of a neighbor and I am still unable to connect to any VPN until you restart the PC.

  -diagnosis after disconnecting from the VPN wireless adapter arrives leads to this...
  http://PUU.sh/bibQs/9873c02068.PNG
  http://PUU.sh/bibn7/93ec6f0934.PNG
  http://PUU.sh/biboF/3c9f865f15.PNG
  http://PUU.sh/bibpw/b204c59f01.PNG
  http://PUU.sh/bibq9/a10d3246d1.PNG

  I can't fix it through diagnostics.

  In any case, this is a problem on my end because I share the VPN with 2 other friends and they do not suffer this problem... > _

  If there is a lack of information, please tell me and I will provide.

  Thanks for any help!

  Hello

  The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the TechNet Forums.
  TechNet Forum
  http://social.technet.Microsoft.com/forums/Windows/en-us/home?category=w7itpro

  Hope this information helps.

• Roads remain in the routing table after disconnecting from the vpn client

  I am facing this problem for my clients and the easy vpn server.

  My Cisco 3825 has an easy vpn server configuration with an ip pool. When one of the customer disconnects and isakmp and ipsec his deleted by the router itself. The route pointing to the ip address of the ip pool is still in the routing table. This time, another vpn client connects and get the ip address of the ip even pool. But this new vpn client connected is located on a different interface of the router. Thus, an extreme problem happen! A route to 2 next hops is created! So bad!

  Someone else can help me? How can I delete the wrong way?

  Thank you!

  Jason Lam

  It can be useful to upgrade because he accompanied several questions IPP in earlier versions of the code with the roads not removed during the SA goes down, etc.

• Cisco VPN disconnection problem vpn client

  Hello

  We have a 8.2 (3) Cisco ASA and several vpn client ipsec that connect to it (5.0.07.0290 - k9 and 5.0.07.0410 - k9).

  ExExactly after that 4 hours of these clients vpn connections are deleted even if the client is still sending traffic. I can't find any parameter configuration in order to avoid this connection drop. Someone has an idea how solve it?

  I have

  I have

  AF

  Hello

  Please paste the output of "sh cry run." We can check the values of life.

  also, you can activate him debugs following like half an hour before that the Client waits for the time to unplug.

  Deb cry isa 127

  Deb cry ips 127.

  We can check the reason for the debugging by using the ip address of the client.

  I hope this helps.

  Kind regards

  Anisha

  P.S.:Please assign this thread answered if you feel that your query is resolved. Note the useful messages.

• Drives and airport Extreme Base Station to disconnect after connection to the VPN

  At home when I'm on WIFI, everything works fine. At the moment where I connect to the VPN to do office work, the base station will disconnect and accessible either.

  Any help?

  The problem you are experiencing is perhaps due to the type of VPN tunnel that you use to connect to your workplace. There are basically two types: 1) full or partial) 2. Note: The different VPN clients can use other words, but these are usually options when you set up a tunnel.

  When you use a complete tunnel, all traffic between your computer and the VPN of your working server, through the tunnel. No traffic is allowed on your local network, and therefore, all local resources are not available. With a partial tunnel, your computer data traffic, may as well go through the tunnel and also to your local network. One reason to use a partial tunnel, for example, is that you have a local printer, you need to perform printing. You can be connected to this type of tunnel for access to the documents and then, be able to print on this printer... otherwise, with a tunnel of full, you would print to a printer at your place of work.