cisco vpn client session does not time out

Discussion in 'Cisco' started by chery, Aug 24, 2006.

  1. chery

    chery Guest

    Hi,

    Users were not able to get connected to my PIX 515E 6.3 using VPN
    client. Upon further investigation I found that users could initially
    connect to the PIX. But if they move out of the wireless range (i.e.
    lose their network connectivity) while they are connected to the PIX,
    then they will not be able to get connected back to pix.

    I changed the idle-time for the vpn profile from 3 hours and reduced it
    to 3 minutes. Still the session time out does not work and I could see
    multiple entries for the user while giving
    "sh isakmp sa".

    I searched the group for similar problems but could not find any.
    Has any one of you faced a similar problem? Does any solution come
    into your mind?

    Thanks,
    Chery
     
    chery, Aug 24, 2006
    #1

  2. In article <>,
    chery <> wrote:

    >Users were not able to get connected to my PIX 515E 6.3 using VPN
    >client. Upon further investigation I found that users could initially
    >connect to the PIX. But if they move out of the wireless range (i.e.
    >lose their network connectivity) while they are connected to the PIX,
    >then they will not be able to get connected back to pix.


    Are you set for isakmp identity hostname or
    isakmp identity address?

    The identity is used when a new phase 1 tunnel has to be
    negotiated due to disconnection. The client sends its identity
    as part of an ISAKMP clause that means "remove all previous
    security associations from this identity". If the identity offered
    upon reconnect does not happen to match the identity that was
    previously offered, then the previous SAs are not going to be
    thrown away, and it is going to take time before the PIX figures
    out that it should no longer bother to match against those particular
    ACL entries associated with the SAs.
     
    Walter Roberson, Aug 24, 2006
    #2
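
The reconnect behaviour described in the reply above, modelled as an added example that is not part of the original thread. The `Gateway` class, the identities and the 86400-second lifetime are constructed assumptions for illustration, not PIX internals or PIX defaults.

```python
from dataclasses import dataclass, field

LIFETIME = 86400  # assumed phase 1 SA lifetime in seconds (constructed value)

@dataclass
class SA:
    identity: str   # phase 1 identity the peer offered
    created: int    # simulated clock, seconds

@dataclass
class Gateway:
    """Hypothetical model of a gateway's phase 1 SA table, not PIX internals."""
    sas: list = field(default_factory=list)

    def expire(self, now):
        # Without a matching reconnect, an SA only goes away when its lifetime ends.
        self.sas = [sa for sa in self.sas if now - sa.created < LIFETIME]

    def negotiate(self, identity, now):
        # A new phase 1 carries "remove all previous SAs from this identity";
        # only entries stored under exactly the same identity are dropped.
        self.expire(now)
        self.sas = [sa for sa in self.sas if sa.identity != identity]
        self.sas.append(SA(identity, now))

def reconnect(first_identity, second_identity, check_at=60):
    """Client connects at t=0, loses its link, reconnects at t=60.
    Returns the identities still in the SA table at time check_at."""
    gw = Gateway()
    gw.negotiate(first_identity, now=0)
    gw.negotiate(second_identity, now=60)
    gw.expire(check_at)
    return [sa.identity for sa in gw.sas]

if __name__ == "__main__":
    # Constructed identities: same value both times, then a hostname followed by an address.
    print(reconnect("client1.example.com", "client1.example.com"))
    print(reconnect("client1.example.com", "192.0.2.10"))
    print(reconnect("client1.example.com", "192.0.2.10", check_at=LIFETIME + 1))
```

The second call leaves two entries in the table, which is the "multiple entries" symptom from the first post; the third shows the stale entry disappearing only once its lifetime has run out.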