[c-nsp] Cisco VPN intermittent disconnects
John Kougoulos
koug at intracom.gr
Fri Oct 26 04:28:10 EDT 2012
It looks a bit strange that it takes 40 seconds to respond to the DPD
requests and then they all come together?
Is there any kind of QoS / wan accelerators in the path?
Is this IPsec over TCP? Have you tried UDP?
Regards,
John
On Thu, 25 Oct 2012, Joseph Mays wrote:
> We have a client on a connection to a cisco switch at one of our
> locations, routing out through a 3600 to a cisco firewall at a remote
> location. The firewall is a CISCO 5505 running 8.25.
>
> When they connect to the remote firewall with a cisco VPN client (Cisco
> VPN client for windows version 5.0.07.0290) they get intermittent drops
> in service. If they set up a hard firewall from inside their network
> that connects to the remote firewall, and then run their connections
> through that, it works fine. I asked them to try setting the MTU on the
> cisco client down to 576 from 1300 -- same result. They can also run the
> client through another wan connection to the remote firewall and it
> works fine. It seems to be something about connecting to the remote
> firewall with this client across the WAN connection that runs through
> us, but no errors are occurring on any of the interfaces in the path,
> and I can't find that any packets are being dropped or anything.
>
> I received a snippet of Cisco VPN client logs from the customer, but I'm
> not well-versed in it enough to see if it's providing any useful info.
> Quite possibly it is and I just am not recognizing the fact.
>
> Cisco Systems VPN Client Version 5.0.07.0290
> Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
> Client Type(s): Windows, WinNT
> Running on: 6.1.7601 Service Pack 1
> Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
>
> 2 14:29:34.774 10/25/12 Sev=Info/6 IKE/0x6300003D
> Sending DPD request to 199.30.90.62, our seq# = 2332051025
>
> 20 14:30:15.216 10/25/12 Sev=Info/5 IKE/0x63000040
> Received DPD ACK from 199.30.90.62, seq# received = 2332051025, seq# expected = 2332051032
>
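An added example, not part of either post: a short Python script that pairs each DPD request in a Cisco VPN Client log with its ACK, then reports the round-trip delay and how far the ACKed sequence number is behind the expected one. The two-line entry layout is assumed from the snippet quoted above, and the function and field names are hypothetical.

```python
import re
from datetime import datetime

# The two entries quoted in the post, with the "> " quoting stripped.
SAMPLE_LOG = """\
2 14:29:34.774 10/25/12 Sev=Info/6 IKE/0x6300003D
Sending DPD request to 199.30.90.62, our seq# = 2332051025

20 14:30:15.216 10/25/12 Sev=Info/5 IKE/0x63000040
Received DPD ACK from 199.30.90.62, seq# received = 2332051025, seq# expected = 2332051032
"""

# Entry header: index, time, date, severity (layout assumed from the snippet).
HEADER = re.compile(r"^\d+\s+(\d\d:\d\d:\d\d\.\d{3})\s+(\d\d/\d\d/\d\d)\s+Sev=")
REQ = re.compile(r"Sending DPD request to ([\d.]+), our seq# = (\d+)")
ACK = re.compile(r"Received DPD ACK from ([\d.]+), "
                 r"seq# received = (\d+), seq# expected = (\d+)")


def dpd_delays(log_text):
    """Return one record per DPD ACK that matches a logged request."""
    sent = {}       # (peer, seq) -> time the request was sent
    records = []
    stamp = None    # timestamp of the entry header seen most recently
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            stamp = datetime.strptime(m.group(2) + " " + m.group(1),
                                      "%m/%d/%y %H:%M:%S.%f")
            continue
        if stamp is None:
            continue                      # banner lines before the first entry
        m = REQ.search(line)
        if m:
            sent[(m.group(1), int(m.group(2)))] = stamp
            continue
        m = ACK.search(line)
        if m:
            peer, got, expected = m.group(1), int(m.group(2)), int(m.group(3))
            t_sent = sent.pop((peer, got), None)
            if t_sent is None:
                continue                  # request not in this log excerpt
            records.append({
                "peer": peer,
                "seq": got,
                "delay_s": (stamp - t_sent).total_seconds(),
                "seq_lag": expected - got,  # how far behind the ACK is
            })
    return records


if __name__ == "__main__":
    for rec in dpd_delays(SAMPLE_LOG):
        print(rec)
```

Run over a full client log, a run of records with large `delay_s` and non-zero `seq_lag` marks the periods where ACKs were held up somewhere in the path.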