termination reason 412 with cisco vpn client

Discussion in 'Cisco' started by sali, Oct 22, 2008.

  1. sali

    sali Guest

    using win/xp and cisco vpn client ver 4.80 to connect remote offices [dozen
    of them] into corporate network, corporate gateway is some "asa" device,
    don't know exactly. the internet connection is realised as adsl, mostly as
    1024/192

    problem is that on some locations remote user after 15-20 minutes of being
    connected gets alert:
    ---
    secure vpn connection terminated locally by the client
    reason 412: the remote peer is no longer responding
    ---

    on these faulty locations, sometimes, but unfortunately quite rare, the
    connection alives for longer period.

    this happens even in the middle of ftp transfer [so there is no "iddle"
    connection], on the network monitor [task manager] i see that bytes flow
    simply falls to zero, and after minute-two, connection breaks. it is only
    the vpn connection that breaks, the internet connection stays fully
    available.

    this is not a big problem if user may finish his task inside time frame of
    15-20 minutes, after vpn breaks, he starts new, perform next task and so on.
    problem is if connection breaks before user succeeds to finish his task in
    that limited time frame, since then he has to start from the beginning.

    there is one suspicious condition:
    this mostly happens if the adsl gateway is configured as "router" [internet
    is allways "on-line", user just needs to start cisco vpn], and there are few
    computers on local lan, each of them having cisco vpn client, and each of
    them breaks after 15-20 minutes after being started, so not on the same
    time, but counting from the moment they were started.
    if the adsl gateway is configured as "bridge" [user first needs to initiate
    adsl connection, after that to start cisco vpn], this breaking is not
    reported [as far as i know], and cisco connection may stay alive for whole
    day long

    so, i dont think there is some firewall problem, or trivial
    misconfiguration, since cisco vpn *allways* starts, there is a good amount
    of network traffic passed, but breaks after 15-20 minutes

    why should cisco vpn connection break if started over "routed" adsl?

    is there any experience, or suggestion something i could additionaly check
    at these remote offices?

    thnx
     
    sali, Oct 22, 2008
    #1
    1. Advertisements

  2. sali

    Trendkill Guest

    Sounds like a provider problem. Are any users in the office
    experiencing loss of internet connectivity? If they are, and you can
    correlate those times as the same as those who lose VPNs, then that
    could be your issue. Remember that web traffic is much more resilient
    since its tcp and will simply retransmit, but in the case of a VPN
    tunnel, it is much more finicky. If the connection drops, the tunnel
    will too. I would look into setting up some pings to external sites
    to see if/when you are getting drops, and how that matches up with the
    vpn issues.
     
    Trendkill, Oct 22, 2008
    #2
    1. Advertisements

  3. sali

    Gary Guest

    I've seen similar behavior when users have used the VPN client from
    wireless LANs at their home office. We tell them to switch to a wired
    connection if they want reliable access to the corp LAN.

    -Gary
     
    Gary, Oct 22, 2008
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.