Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 514 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Roadwarrior VPN Disconnect?

kwermann
Hi All,

I have a remote IPSec Roadwarrior connecting. Every few hours they loose their VPN connection. Here is a segment of their logfile from ASC:

9/7/2006 2:29:56 PM  NOTIFY : vpn : SENT : NOTIFY_MSG_R_U_HERE
9/7/2006 2:30:06 PM  NOTIFY : vpn : SENT : NOTIFY_MSG_R_U_HERE
9/7/2006 2:30:16 PM  Disconnect: cause - IKE Dead Peer Detection.
9/7/2006 2:30:16 PM  NCPIKE-phase1:name(vpn) - error - DPD timer response expired
9/7/2006 2:30:16 PM  IPSDIAL  - disconnected from vpn on channel 1.
9/7/2006 2:33:43 PM  IPSDIALCHAN::start building connection
9/7/2006 2:33:43 PM  NCPIKE-phase1:name(vpn) - outgoing connect request - main mode.
9/7/2006 2:33:43 PM  XMIT_MSG1_MAIN - vpn
9/7/2006 2:34:00 PM  NCPIKE-phase1:name(vpn) - error - retry timeout - max retries
9/7/2006 2:34:00 PM  IPSDIAL  - disconnected from vpn on channel 1.
9/7/2006 2:43:02 PM  IPSDIALCHAN::start building connection
9/7/2006 2:43:02 PM  NCPIKE-phase1:name(vpn) - outgoing connect request - main mode.
9/7/2006 2:43:02 PM  XMIT_MSG1_MAIN - vpn
9/7/2006 2:43:02 PM  RECV_MSG2_MAIN - vpn
9/7/2006 2:43:02 PM  IPSDIAL->FINAL_TUNNEL_ENDPOINT:xxx.xxx.xxx.xxx
9/7/2006 2:43:02 PM  IKE phase I: Setting LifeTime to 7800 seconds
9/7/2006 2:43:02 PM  vpn ->Support for NAT-T version - 9
9/7/2006 2:43:02 PM  XMIT_MSG3_MAIN - vpn
9/7/2006 2:43:02 PM  RECV_MSG4_MAIN - vpn
9/7/2006 2:43:02 PM  Turning on NATD mode - vpn - 1
9/7/2006 2:43:02 PM  XMIT_MSG5_MAIN - vpn
9/7/2006 2:43:02 PM  XMIT_MSG5_MAIN_RESUME - vpn
9/7/2006 2:43:02 PM  RECV_MSG6_MAIN - vpn
9/7/2006 2:43:02 PM  RECV_MSG6_MAIN_RESUME - vpn
9/7/2006 2:43:02 PM  Turning on DPD mode - vpn
9/7/2006 2:43:02 PM  NCPIKE-phase1:name(vpn) - connected
9/7/2006 2:43:02 PM  Phase1 is Ready: IkeIndex = 00000007
9/7/2006 2:43:02 PM  Quick Mode is Ready: IkeIndex = 00000007 , VpnSrcPort = 4500
9/7/2006 2:43:02 PM  Assigned IP Address: xxx.xxx.xxx.xxx
9/7/2006 2:43:02 PM  XMIT_MSG1_QUICK - vpn
9/7/2006 2:43:02 PM  RECV_MSG2_QUICK - vpn
9/7/2006 2:43:02 PM  XMIT_MSG3_QUICK - vpn
9/7/2006 2:43:02 PM  NCPIKE-phase2:name(vpn) - connected
9/7/2006 2:43:02 PM  IPSDIAL  - connected to vpn on channel 1.
9/7/2006 2:43:02 PM  IPCP  - connected to vpn with IP Address: xxx.xxx.xxx.xxx. : xxx.xxx.xxx.xxx.

I disabled Dead Peer Detection at the firewall. Shouldn't the device stay connected? Do I need to modify the SA LIFETIME's in the Firewall, and/or ASC?

Any help is appreciated.

Thanks,

Ken


This thread was automatically locked due to age.
Cookie Information Banner