Cisco Systems termination reason 412 with cisco vpn client

Posted by sali on October 22, 2008, 2:50 am
using win/xp and cisco vpn client ver 4.80 to connect remote offices [dozen
of them] into corporate network, corporate gateway is some "asa" device,
don't know exactly. the internet connection is realised as adsl, mostly as
1024/192

problem is that on some locations remote user after 15-20 minutes of being
connected gets alert:
---
secure vpn connection terminated locally by the client
reason 412: the remote peer is no longer responding
---

on these faulty locations, sometimes, but unfortunately quite rarely, the
connection stays alive for a longer period.

this happens even in the middle of ftp transfer [so there is no "idle"
connection], on the network monitor [task manager] i see that bytes flow
simply falls to zero, and after minute-two, connection breaks. it is only
the vpn connection that breaks, the internet connection stays fully
available.

this is not a big problem if user may finish his task inside time frame of
15-20 minutes, after vpn breaks, he starts new, perform next task and so on.
problem is if connection breaks before user succeeds to finish his task in
that limited time frame, since then he has to start from the beginning.

there is one suspicious condition:
this mostly happens if the adsl gateway is configured as "router" [internet
is always "on-line", user just needs to start cisco vpn], and there are few
computers on local lan, each of them having cisco vpn client, and each of
them breaks after 15-20 minutes after being started, so not on the same
time, but counting from the moment they were started.
if the adsl gateway is configured as "bridge" [user first needs to initiate
adsl connection, after that to start cisco vpn], this breaking is not
reported [as far as i know], and cisco connection may stay alive for whole
day long

so, i don't think there is some firewall problem, or trivial
misconfiguration, since cisco vpn *always* starts, there is a good amount
of network traffic passed, but breaks after 15-20 minutes

why should cisco vpn connection break if started over "routed" adsl?

is there any experience, or suggestion of something i could additionally check
at these remote offices?

thnx



Posted by Trendkill on October 22, 2008, 7:27 am
> using win/xp and cisco vpn client ver 4.80 to connect remote offices [dozen
> of them] into corporate network, corporate gateway is some "asa" device,
> don't know exactly. the internet connection is realised as adsl, mostly as
> 1024/192
>
> problem is that on some locations remote user after 15-20 minutes of being
> connected gets alert:
> ---
> secure vpn connection terminated locally by the client
> reason 412: the remote peer is no longer responding
> ---
>
> on these faulty locations, sometimes, but unfortunately quite rarely, the
> connection stays alive for a longer period.
>
> this happens even in the middle of ftp transfer [so there is no "idle"
> connection], on the network monitor [task manager] i see that bytes flow
> simply falls to zero, and after minute-two, connection breaks. it is only
> the vpn connection that breaks, the internet connection stays fully
> available.
>
> this is not a big problem if user may finish his task inside time frame of
> 15-20 minutes, after vpn breaks, he starts new, perform next task and so on.
> problem is if connection breaks before user succeeds to finish his task in
> that limited time frame, since then he has to start from the beginning.
>
> there is one suspicious condition:
> this mostly happens if the adsl gateway is configured as "router" [internet
> is always "on-line", user just needs to start cisco vpn], and there are few
> computers on local lan, each of them having cisco vpn client, and each of
> them breaks after 15-20 minutes after being started, so not on the same
> time, but counting from the moment they were started.
> if the adsl gateway is configured as "bridge" [user first needs to initiate
> adsl connection, after that to start cisco vpn], this breaking is not
> reported [as far as i know], and cisco connection may stay alive for whole
> day long
>
> so, i don't think there is some firewall problem, or trivial
> misconfiguration, since cisco vpn *always* starts, there is a good amount
> of network traffic passed, but breaks after 15-20 minutes
>
> why should cisco vpn connection break if started over "routed" adsl?
>
> is there any experience, or suggestion of something i could additionally check
> at these remote offices?
>
> thnx

Sounds like a provider problem. Are any users in the office
experiencing loss of internet connectivity? If they are, and you can
correlate those times as the same as those who lose VPNs, then that
could be your issue. Remember that web traffic is much more resilient
since it's tcp and will simply retransmit, but in the case of a VPN
tunnel, it is much more finicky. If the connection drops, the tunnel
will too. I would look into setting up some pings to external sites
to see if/when you are getting drops, and how that matches up with the
vpn issues.
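
The ping correlation suggested in the reply above, as an added example that is not part of the original thread: it groups consecutive ping timeouts into outage windows and checks whether each reason 412 drop has an outage in the few minutes before it. The two log formats, the host names `pc1` to `pc3`, the `probe-target` name and all sample lines are constructed assumptions, not Cisco VPN client output.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

def parse(lines):
    """Yield (timestamp, name, status) from 'DATE TIME NAME STATUS' lines."""
    for line in lines:
        date, time, name, status = line.split()
        yield datetime.strptime(f"{date} {time}", FMT), name, status

def outages(ping_lines, min_run=3):
    """Return (start, end) windows of at least min_run consecutive timeouts."""
    windows, run = [], []
    for ts, _target, status in parse(ping_lines):
        if status == "timeout":
            run.append(ts)
            continue
        if len(run) >= min_run:
            windows.append((run[0], run[-1]))
        run = []
    if len(run) >= min_run:  # log ended while the link was still down
        windows.append((run[0], run[-1]))
    return windows

def classify_drops(vpn_lines, windows, slack=timedelta(minutes=3)):
    """Per drop: (host, session minutes, True if an outage falls in the slack before it)."""
    started, report = {}, []
    for ts, host, event in parse(vpn_lines):
        if event == "connect":
            started[host] = ts
        elif event == "reason412" and host in started:
            minutes = int((ts - started.pop(host)).total_seconds() // 60)
            hit = any(s <= ts and e >= ts - slack for s, e in windows)
            report.append((host, minutes, hit))
    return report

# Constructed sample input: one probe per minute from 09:00, link down 09:40-09:42.
T0 = datetime(2008, 10, 22, 9, 0)
PINGS = [f"{(T0 + timedelta(minutes=m)).strftime(FMT)} probe-target "
         f"{'timeout' if 40 <= m <= 42 else 'ok'}" for m in range(60)]
VPN = ["2008-10-22 09:00:00 pc1 connect", "2008-10-22 09:10:00 pc2 connect",
       "2008-10-22 09:17:00 pc1 reason412", "2008-10-22 09:25:00 pc3 connect",
       "2008-10-22 09:28:00 pc2 reason412", "2008-10-22 09:43:00 pc3 reason412"]

if __name__ == "__main__":
    for host, minutes, hit in classify_drops(VPN, outages(PINGS)):
        print(f"{host}: dropped after {minutes} min, internet outage nearby: {hit}")
```

Drops that show no nearby outage but share a similar session length point away from the provider link and toward something that counts from each client's start time.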

Posted by Gary on October 22, 2008, 1:10 pm
Trendkill wrote:

> Remember that web traffic is much more resilient since it's tcp and
> will simply retransmit, but in the case of a VPN tunnel, it is much
> more finicky. If the connection drops, the tunnel will too.

I've seen similar behavior when users have used the VPN client from
wireless LANs at their home office. We tell them to switch to a wired
connection if they want reliable access to the corp LAN.

-Gary
