VPN client disconnects

Discussion in 'Cisco' started by TimParker, Apr 3, 2009.

  1. TimParker

    TimParker Guest

    I have an odd problem with a couple of my users. I have been working
    with one that works from an office in our County Courthouse and
    chalked up the problems to getting off their network. But last night
    my boss started having the same problems and I haven't made any
    changes to the ASA for a long while.

    The issue is that they will get connected and randomly lose connection
    for no apparent reason. I need to try and help the remote user
    yesterday and connected through VNC to her laptop and was surprised
    that after roughly 10-15 minutes I was still connected. So I got the
    bright idea to just start a constant ping from my workstation to her
    VPN IP.

    She stayed connected for 30 minutes. I stopped it and within minutes
    she was DC'd. My boss tried this last night as he started having
    issues. This after being connected for over 6+ hours throughout the
    day while I was sitting here.

    I did realize that the client we are using (which is what came with
    the ASA 5505 when we bought it) is/was version 5.0.02.0290. I logged
    into Cisco and see that they have version 5.0.05.0290 now which
    appears to have been released last month (March 09). I have went
    through all the readme.txt files for the other 2 versions that appear
    to have been released since ours and don't see any glaring issues that
    either are known problems or fixed issues.

    The closest appear to be CSCsi26001 where disconnects can happen on
    reauth on rekey with a saved password. We do have the save password
    option currently on, but the reauth on rekey is disabled as per the
    default policy. So I don't think that is our issue.

    Any one seen this type of behavior? I know that at the courthouse the
    router that is being used is a older its a linksys I believe. I have
    updated it to the most current bios but it is still several years old.
    I have to check today what my boss has at home.

    I don't have this issue at home, but I have a Netgear Wireless router
    that I just bought to replace a failing one that I had.
     
    TimParker, Apr 3, 2009
    #1
    1. Advertising

  2. TimParker

    TimParker Guest

    Only about 4 of us right now. Don't think its resources. I have one
    site to site that appears to be stable. Here is the output.


    Result of the command: "sh ver"

    Cisco Adaptive Security Appliance Software Version 7.2(4)
    Device Manager Version 5.2(4)

    Compiled on Sun 06-Apr-08 13:39 by builders
    System image file is "disk0:/asa724-k8.bin"
    Config file at boot was "startup-config"

    MOPS-ASA-5505 up 21 days 3 hours

    Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash M50FW080 @ 0xffe00000, 1024KB

    Encryption hardware device : Cisco ASA-5505 on-board accelerator
    (revision 0x0)
    Boot microcode : CNlite-MC-Boot-
    Cisco-1.2
    SSL/IKE microcode: CNlite-MC-IPSEC-
    Admin-3.03
    IPSec microcode : CNlite-MC-IPSECm-
    MAIN-2.05
    0: Int: Internal-Data0/0 : address is 0024.14d9.c460, irq 11
    1: Ext: Ethernet0/0 : address is 0024.14d9.c458, irq 255
    2: Ext: Ethernet0/1 : address is 0024.14d9.c459, irq 255
    3: Ext: Ethernet0/2 : address is 0024.14d9.c45a, irq 255
    4: Ext: Ethernet0/3 : address is 0024.14d9.c45b, irq 255
    5: Ext: Ethernet0/4 : address is 0024.14d9.c45c, irq 255
    6: Ext: Ethernet0/5 : address is 0024.14d9.c45d, irq 255
    7: Ext: Ethernet0/6 : address is 0024.14d9.c45e, irq 255
    8: Ext: Ethernet0/7 : address is 0024.14d9.c45f, irq 255
    9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
    10: Int: Not used : irq 255
    11: Int: Not used : irq 255

    Licensed features for this platform:
    Maximum Physical Interfaces : 8
    VLANs : 20, DMZ Unrestricted
    Inside Hosts : Unlimited
    Failover : Active/Standby
    VPN-DES : Enabled
    VPN-3DES-AES : Enabled
    VPN Peers : 25
    WebVPN Peers : 2
    Dual ISPs : Enabled
    VLAN Trunk Ports : 8

    This platform has an ASA 5505 Security Plus license.

    Serial Number: REMOVED
    Running Activation Key: REMOVED
    Configuration register is 0x1
    Configuration last modified by timparker at 09:05:26.038 EDT Fri Apr 3
    2009

    On Apr 3, 9:44 am, Artie Lange <> wrote:
    > TimParker wrote:
    > > I have an odd problem with a couple of my users. I have been working
    > > with one that works from an office in our County Courthouse and
    > > chalked up the problems to getting off their network. But last night
    > > my boss started having the same problems and I haven't made any
    > > changes to the ASA for a long while.

    >
    > > The issue is that they will get connected and randomly lose connection
    > > for no apparent reason. I need to try and help the remote user
    > > yesterday and connected through VNC to her laptop and was surprised
    > > that after roughly 10-15 minutes I was still connected. So I got the
    > > bright idea to just start a constant ping from my workstation to her
    > > VPN IP.

    >
    > How many users hitting the VPN? I would suggest doing a sh tech when a
    > disconnect happens and seeing what is happening with the firewall,
    > perhaps out of memory? VPN license could be exhausted? can you post a sh
    > ver ?
     
    TimParker, Apr 3, 2009
    #2
    1. Advertising

  3. TimParker

    TimParker Guest

    Something else I forgot to add, I am leaning away from the routers
    being the problem (at the remote user locations) as I took the one at
    the Courthouse completely out of the picture and hardcoded the address
    that they gave to us to use for that office to the laptop and the
    laptop still DC'd like clockwork......


    On Apr 3, 9:51 am, TimParker <> wrote:
    > Only about 4 of us right now. Don't think its resources. I have one
    > site to site that appears to be stable. Here is the output.
    >
    > Result of the command: "sh ver"
    >
    > Cisco Adaptive Security Appliance Software Version 7.2(4)
    > Device Manager Version 5.2(4)
    >
    > Compiled on Sun 06-Apr-08 13:39 by builders
    > System image file is "disk0:/asa724-k8.bin"
    > Config file at boot was "startup-config"
    >
    > MOPS-ASA-5505 up 21 days 3 hours
    >
    > Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
    > Internal ATA Compact Flash, 128MB
    > BIOS Flash M50FW080 @ 0xffe00000, 1024KB
    >
    > Encryption hardware device : Cisco ASA-5505 on-board accelerator
    > (revision 0x0)
    >                              Boot microcode   :  CNlite-MC-Boot-
    > Cisco-1.2
    >                              SSL/IKE microcode:  CNlite-MC-IPSEC-
    > Admin-3.03
    >                              IPSec microcode  :  CNlite-MC-IPSECm-
    > MAIN-2.05
    >  0: Int: Internal-Data0/0    : address is 0024.14d9.c460, irq 11
    >  1: Ext: Ethernet0/0         : address is 0024.14d9.c458, irq 255
    >  2: Ext: Ethernet0/1         : address is 0024.14d9.c459, irq 255
    >  3: Ext: Ethernet0/2         : address is 0024.14d9.c45a, irq 255
    >  4: Ext: Ethernet0/3         : address is 0024.14d9.c45b, irq 255
    >  5: Ext: Ethernet0/4         : address is 0024.14d9.c45c, irq 255
    >  6: Ext: Ethernet0/5         : address is 0024.14d9.c45d, irq 255
    >  7: Ext: Ethernet0/6         : address is 0024.14d9.c45e, irq 255
    >  8: Ext: Ethernet0/7         : address is 0024.14d9.c45f, irq 255
    >  9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
    > 10: Int: Not used            : irq 255
    > 11: Int: Not used            : irq 255
    >
    > Licensed features for this platform:
    > Maximum Physical Interfaces : 8
    > VLANs                       : 20, DMZ Unrestricted
    > Inside Hosts                : Unlimited
    > Failover                    : Active/Standby
    > VPN-DES                     : Enabled
    > VPN-3DES-AES                : Enabled
    > VPN Peers                   : 25
    > WebVPN Peers                : 2
    > Dual ISPs                   : Enabled
    > VLAN Trunk Ports            : 8
    >
    > This platform has an ASA 5505 Security Plus license.
    >
    > Serial Number: REMOVED
    > Running Activation Key: REMOVED
    > Configuration register is 0x1
    > Configuration last modified by timparker at 09:05:26.038 EDT Fri Apr 3
    > 2009
    >
    > On Apr 3, 9:44 am, Artie Lange <> wrote:
    >
    >
    >
    > > TimParker wrote:
    > > > I have an odd problem with a couple of my users. I have been working
    > > > with one that works from an office in our County Courthouse and
    > > > chalked up the problems to getting off their network. But last night
    > > > my boss started having the same problems and I haven't made any
    > > > changes to the ASA for a long while.

    >
    > > > The issue is that they will get connected and randomly lose connection
    > > > for no apparent reason. I need to try and help the remote user
    > > > yesterday and connected through VNC to her laptop and was surprised
    > > > that after roughly 10-15 minutes I was still connected. So I got the
    > > > bright idea to just start a constant ping from my workstation to her
    > > > VPN IP.

    >
    > > How many users hitting the VPN? I would suggest doing a sh tech when a
    > > disconnect happens and seeing what is happening with the firewall,
    > > perhaps out of memory? VPN license could be exhausted? can you post a sh
    > > ver ?- Hide quoted text -

    >
    > - Show quoted text -
     
    TimParker, Apr 3, 2009
    #3
  4. TimParker

    TimParker Guest

    They are all currently Wired. My boss was wireless and he has
    currently changed. Good call on the 7.x code. I was currently focusing
    on the client side. Guess it confused me since I am not having any
    issues.....


    On Apr 3, 9:57 am, Artie Lange <> wrote:
    > TimParker wrote:
    > > Something else I forgot to add, I am leaning away from the routers
    > > being the problem (at the remote user locations) as I took the one at
    > > the Courthouse completely out of the picture and hardcoded the address
    > > that they gave to us to use for that office to the laptop and the
    > > laptop still DC'd like clockwork......

    >
    > I would also look at release notes for fixes in versions later than 7.X
    > code. Also are the remote clients wireless or cabled?
     
    TimParker, Apr 3, 2009
    #4
  5. TimParker

    TimParker Guest

    Most definately. I think the newest one that I see is 8.0(4)

    Interesting to hear your problem. I have most everything all patched
    up. But I am pretty sure that the two machines in question don't have
    XP SP3 yet. I just went through a big push to get that out there to
    all my machines. So I guess it should be the other way, but who
    knows.

    Now to find the readme for 8.0(4)



    On Apr 3, 10:06 am, Artie Lange <> wrote:
    > TimParker wrote:
    > > They are all currently Wired. My boss was wireless and he has
    > > currently changed. Good call on the 7.x code. I was currently focusing
    > > on the client side. Guess it confused me since I am not having any
    > > issues.....

    >
    > The only reason I said look at the code on the FW is that I had an issue
    >   similar, I was running 7.X code on my side and there was some windows
    > update that broke the client, upgrading to the 8.X code fixed the issue.
    >
    > I was running like 7.1(x) at the time, but worth a look?
     
    TimParker, Apr 3, 2009
    #5
  6. TimParker

    TimParker Guest

    Guess I actually need to read all the notes since my running version.
    Nothing exciting was in the 8.0(4) version......

    On Apr 3, 10:12 am, TimParker <> wrote:
    > Most definately. I think the newest one that I see is 8.0(4)
    >
    > Interesting to hear your problem. I have most everything all patched
    > up. But I am pretty sure that the two machines in question don't have
    > XP SP3 yet. I just went through a big push to get that out there to
    > all my machines. So I guess it should be the other way, but who
    > knows.
    >
    > Now to find the readme for 8.0(4)
    >
    > On Apr 3, 10:06 am, Artie Lange <> wrote:
    >
    >
    >
    > > TimParker wrote:
    > > > They are all currently Wired. My boss was wireless and he has
    > > > currently changed. Good call on the 7.x code. I was currently focusing
    > > > on the client side. Guess it confused me since I am not having any
    > > > issues.....

    >
    > > The only reason I said look at the code on the FW is that I had an issue
    > >   similar, I was running 7.X code on my side and there was some windows
    > > update that broke the client, upgrading to the 8.X code fixed the issue..

    >
    > > I was running like 7.1(x) at the time, but worth a look?- Hide quoted text -

    >
    > - Show quoted text -
     
    TimParker, Apr 3, 2009
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. MP
    Replies:
    2
    Views:
    12,305
  2. jarcar
    Replies:
    0
    Views:
    608
    jarcar
    Feb 12, 2004
  3. Alexis Crawford

    VPN client unexpectedly disconnects

    Alexis Crawford, Nov 3, 2004, in forum: Cisco
    Replies:
    1
    Views:
    2,827
    Walter Roberson
    Nov 4, 2004
  4. Nick
    Replies:
    2
    Views:
    2,430
  5. D K
    Replies:
    4
    Views:
    477
Loading...

Share This Page