VPN client disconnects

I have an odd problem with a couple of my users. I have been working with one that works from an office in our County Courthouse and chalked up the problems to getting off their network. But last night my boss started having the same problems and I haven't made any changes to the ASA for a long while.

The issue is that they will get connected and randomly lose connection for no apparent reason. I needed to try and help the remote user yesterday and connected through VNC to her laptop, and was surprised that after roughly 10-15 minutes I was still connected. So I got the bright idea to just start a constant ping from my workstation to her VPN IP.

She stayed connected for 30 minutes. I stopped it and within minutes she was DC'd. My boss tried this last night as he started having issues. This after being connected for over 6+ hours throughout the day while I was sitting here.

I did realize that the client we are using (which is what came with the ASA 5505 when we bought it) is/was version 5.0.02.0290. I logged into Cisco and see that they have version 5.0.05.0290 now, which appears to have been released last month (March 09). I have gone through all the readme.txt files for the other 2 versions that appear to have been released since ours and don't see any glaring issues that either are known problems or fixed issues.

The closest appears to be CSCsi26001, where disconnects can happen on reauth on rekey with a saved password. We do have the save password option currently on, but the reauth on rekey is disabled as per the default policy. So I don't think that is our issue.

Anyone seen this type of behavior? I know that at the courthouse the router that is being used is an older one; it's a Linksys, I believe. I have updated it to the most current BIOS, but it is still several years old. I have to check today what my boss has at home.

I don't have this issue at home, but I have a Netgear Wireless router that I just bought to replace a failing one that I had.

Reply to
TimParker

How many users hitting the VPN? I would suggest doing a sh tech when a disconnect happens and seeing what is happening with the firewall, perhaps out of memory? VPN license could be exhausted? Can you post a sh ver?

Reply to
Artie Lange

Only about 4 of us right now. Don't think it's resources. I have one site to site that appears to be stable. Here is the output.

Result of the command: "sh ver"

Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)

Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "disk0:/asa724-k8.bin"
Config file at boot was "startup-config"

MOPS-ASA-5505 up 21 days 3 hours

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Int: Internal-Data0/0 : address is 0024.14d9.c460, irq 11
1: Ext: Ethernet0/0 : address is 0024.14d9.c458, irq 255
2: Ext: Ethernet0/1 : address is 0024.14d9.c459, irq 255
3: Ext: Ethernet0/2 : address is 0024.14d9.c45a, irq 255
4: Ext: Ethernet0/3 : address is 0024.14d9.c45b, irq 255
5: Ext: Ethernet0/4 : address is 0024.14d9.c45c, irq 255
6: Ext: Ethernet0/5 : address is 0024.14d9.c45d, irq 255
7: Ext: Ethernet0/6 : address is 0024.14d9.c45e, irq 255
8: Ext: Ethernet0/7 : address is 0024.14d9.c45f, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8

This platform has an ASA 5505 Security Plus license.

Serial Number: REMOVED
Running Activation Key: REMOVED
Configuration register is 0x1
Configuration last modified by timparker at 09:05:26.038 EDT Fri Apr 3 2009

Reply to
TimParker

Something else I forgot to add, I am leaning away from the routers being the problem (at the remote user locations) as I took the one at the Courthouse completely out of the picture and hardcoded the address that they gave to us to use for that office to the laptop and the laptop still DC'd like clockwork......

Reply to
TimParker

I would also look at release notes for fixes in versions later than 7.X code. Also, are the remote clients wireless or cabled?

Reply to
Artie Lange

They are all currently wired. My boss was wireless and he has currently changed. Good call on the 7.x code. I was currently focusing on the client side. Guess it confused me since I am not having any issues.....

Reply to
TimParker

The only reason I said look at the code on the FW is that I had a similar issue. I was running 7.X code on my side and there was some Windows update that broke the client; upgrading to the 8.X code fixed the issue.

I was running like 7.1(x) at the time, but worth a look?

Reply to
Artie Lange

Most definitely. I think the newest one that I see is 8.0(4)

Interesting to hear your problem. I have most everything all patched up. But I am pretty sure that the two machines in question don't have XP SP3 yet. I just went through a big push to get that out there to all my machines. So I guess it should be the other way, but who knows.

Now to find the readme for 8.0(4)

Reply to
TimParker
