termination reason 412 with cisco vpn client

Discussion in 'Cisco' started by sali, Oct 22, 2008.

  1. sali

    sali Guest

    using win/xp and cisco vpn client ver 4.80 to connect remote offices [dozen
    of them] into corporate network, corporate gateway is some "asa" device,
    don't know exactly. the internet connection is realised as adsl, mostly as
    1024/192

    problem is that on some locations remote user after 15-20 minutes of being
    connected gets alert:
    ---
    secure vpn connection terminated locally by the client
    reason 412: the remote peer is no longer responding
    ---

    on these faulty locations, sometimes, but unfortunately quite rare, the
    connection alives for longer period.

    this happens even in the middle of ftp transfer [so there is no "iddle"
    connection], on the network monitor [task manager] i see that bytes flow
    simply falls to zero, and after minute-two, connection breaks. it is only
    the vpn connection that breaks, the internet connection stays fully
    available.

    this is not a big problem if user may finish his task inside time frame of
    15-20 minutes, after vpn breaks, he starts new, perform next task and so on.
    problem is if connection breaks before user succeeds to finish his task in
    that limited time frame, since then he has to start from the beginning.

    there is one suspicious condition:
    this mostly happens if the adsl gateway is configured as "router" [internet
    is allways "on-line", user just needs to start cisco vpn], and there are few
    computers on local lan, each of them having cisco vpn client, and each of
    them breaks after 15-20 minutes after being started, so not on the same
    time, but counting from the moment they were started.
    if the adsl gateway is configured as "bridge" [user first needs to initiate
    adsl connection, after that to start cisco vpn], this breaking is not
    reported [as far as i know], and cisco connection may stay alive for whole
    day long

    so, i dont think there is some firewall problem, or trivial
    misconfiguration, since cisco vpn *allways* starts, there is a good amount
    of network traffic passed, but breaks after 15-20 minutes

    why should cisco vpn connection break if started over "routed" adsl?

    is there any experience, or suggestion something i could additionaly check
    at these remote offices?

    thnx
    sali, Oct 22, 2008
    #1
    1. Advertising

  2. sali

    Trendkill Guest

    On Oct 22, 2:50 am, "sali" <> wrote:
    > using win/xp and cisco vpn client ver 4.80 to connect remote offices [dozen
    > of them] into corporate network, corporate gateway is some "asa" device,
    > don't know exactly. the internet connection is realised as adsl, mostly as
    > 1024/192
    >
    > problem is that on some locations remote user after 15-20 minutes of being
    > connected gets alert:
    > ---
    > secure vpn connection terminated locally by the client
    > reason 412: the remote peer is no longer responding
    > ---
    >
    > on these faulty locations, sometimes, but unfortunately quite rare, the
    > connection alives for longer period.
    >
    > this happens even in the middle of ftp transfer [so there is no "iddle"
    > connection], on the network monitor [task manager] i see that bytes flow
    > simply falls to zero, and after minute-two, connection breaks. it is only
    > the vpn connection that breaks, the internet connection stays fully
    > available.
    >
    > this is not a big problem if user may finish his task inside time frame of
    > 15-20 minutes, after vpn breaks, he starts new, perform next task and so on.
    > problem is if connection breaks before user succeeds to finish his task in
    > that limited time frame, since then he has to start from the beginning.
    >
    > there is one suspicious condition:
    > this mostly happens if the adsl gateway is configured as "router" [internet
    > is allways "on-line", user just needs to start cisco vpn], and there are few
    > computers on local lan, each of them having cisco vpn client, and each of
    > them breaks after 15-20 minutes after being started, so not on the same
    > time, but counting from the moment they were started.
    > if the adsl gateway is configured as "bridge" [user first needs to initiate
    > adsl connection, after that to start cisco vpn], this breaking is not
    > reported [as far as i know], and cisco connection may stay alive for whole
    > day long
    >
    > so, i dont think there is some firewall problem, or trivial
    > misconfiguration, since cisco vpn *allways* starts, there is a good amount
    > of network traffic passed, but breaks after 15-20 minutes
    >
    > why should cisco vpn connection break if started over "routed" adsl?
    >
    > is there any experience, or suggestion something i could additionaly check
    > at these remote offices?
    >
    > thnx


    Sounds like a provider problem. Are any users in the office
    experiencing loss of internet connectivity? If they are, and you can
    correlate those times as the same as those who lose VPNs, then that
    could be your issue. Remember that web traffic is much more resilient
    since its tcp and will simply retransmit, but in the case of a VPN
    tunnel, it is much more finicky. If the connection drops, the tunnel
    will too. I would look into setting up some pings to external sites
    to see if/when you are getting drops, and how that matches up with the
    vpn issues.
    Trendkill, Oct 22, 2008
    #2
    1. Advertising

  3. sali

    Gary Guest

    Trendkill wrote:

    > Remember that web traffic is much more resilient since its tcp and
    > will simply retransmit, but in the case of a VPN tunnel, it is much
    > more finicky. If the connection drops, the tunnel will too.


    I've seen similar behavior when users have used the VPN client from
    wireless LANs at their home office. We tell them to switch to a wired
    connection if they want reliable access to the corp LAN.

    -Gary
    Gary, Oct 22, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. MP
    Replies:
    2
    Views:
    12,224
  2. Asif
    Replies:
    2
    Views:
    12,608
  3. James
    Replies:
    30
    Views:
    324,758
    diggisaur
    Jan 15, 2014
  4. JC
    Replies:
    2
    Views:
    2,179
    Arcaidy
    Apr 23, 2004
  5. Paul Elungat
    Replies:
    0
    Views:
    770
    Paul Elungat
    Jan 25, 2008
Loading...

Share This Page