[c-nsp] Cisco VPN intermittent disconnects

John Kougoulos koug at intracom.gr
Fri Oct 26 04:28:10 EDT 2012 

It looks a bit strange that it takes 40 seconds to respond to the DPD 
requests and then they all come together?

Is there any kind of QoS / wan accelerators in the path?

Is this Ipsec over TCP? have you tried UDP?

Regards,
John

On Thu, 25 Oct 2012, Joseph Mays wrote:

> We have a client on a connection to a cisco switch at one of our 
> locations, routing out through a 3600 to a cisco firewall at a remote 
> location. The firewall is a CISCO 5505 running 8.25.
>
> When they connect to the remote firewall with a cisco VPN client (Cisco 
> VPN client for windows version 5.0.07.0290) they get intermittent drops 
> in service. If they set up a hard firewall from inside their network 
> that connects to the remote firewall, and then run their connections 
> through that, it works fine. I asked them to try setting the MTU on the 
> cisco client down to 576 from 1300 -- same result. They can also run the 
> client through another wan connection to the remote firewall and it 
> works fine. It seems to be something about connecting to the remote 
> firewall with this client across the WAN connection that runs through 
> us, but no errors are occurring on any of the interfaces in the path, 
> and I can't find that any packets are being dropped or anything.
>
> I received a snippet of Cisco VPN client logs from the customer, but I'm 
> not well-versed in it enough to see if it's providing any useful info. 
> Quite possibly it is and I just am not recognizing the fact.
>
> Cisco Systems VPN Client Version 5.0.07.0290
> Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
> Client Type(s): Windows, WinNT
> Running on: 6.1.7601 Service Pack 1
> Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
>
> 2      14:29:34.774  10/25/12  Sev=Info/6            IKE/0x6300003D
> Sending DPD request to 199.30.90.62, our seq# = 2332051025
>
> 20     14:30:15.216  10/25/12  Sev=Info/5           IKE/0x63000040
> Received DPD ACK from 199.30.90.62, seq# received = 2332051025, seq# expected = 2332051032
>

More information about the cisco-nsp mailing list