[vpn-help] Client disconnects after 15-17 minutes

Matthew Grooms mgrooms at shrew.net
Mon Apr 19 21:50:46 CDT 2010


On 3/26/2010 1:23 PM, Nate Gagne wrote:
> Client version 2.1.5 on Windows 7 Pro x64, connecting to an ASA 5505
> 8.2(1). The tunnel is established, and everything is great for ~15
> minutes. After that, even with traffic flowing through the tunnel, it
> disconnects. I’ve tried with DPD enabled and disabled, it doesn’t make a
> difference.
>
> Here’s a snippet of the debug log, followed by the relevant ASA config:
>
...
> 10/03/26 14:12:50 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
> 192.168.16.35:4500 ( 84 bytes )
> 10/03/26 14:12:50 DB : phase1 found
> 10/03/26 14:12:50 ii : processing informational packet ( 84 bytes )
> 10/03/26 14:12:50 == : new informational iv ( 8 bytes )
> 10/03/26 14:12:50 =< : cookies 3a603904b57b73db:b0b5f4400d195220
> 10/03/26 14:12:50 =< : message ffc28f81
> 10/03/26 14:12:50 =< : decrypt iv ( 8 bytes )
> 10/03/26 14:12:50 == : decrypt packet ( 84 bytes )
> 10/03/26 14:12:50 <= : trimmed packet padding ( 4 bytes )
> 10/03/26 14:12:50 <= : stored iv ( 8 bytes )
> 10/03/26 14:12:50 << : hash payload
> 10/03/26 14:12:50 << : delete payload
> 10/03/26 14:12:50 == : informational hash_i ( computed ) ( 20 bytes )
> 10/03/26 14:12:50 == : informational hash_c ( received ) ( 20 bytes )
> 10/03/26 14:12:50 ii : informational hash verified
> 10/03/26 14:12:50 ii : received peer DELETE message
> 10/03/26 14:12:50 ii : - [REDACTED]:4500 -> 192.168.16.35:4500
> 10/03/26 14:12:50 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
> 10/03/26 14:12:50 DB : phase1 found
> 10/03/26 14:12:50 ii : cleanup, marked phase1
> 3a603904b57b73db:b0b5f4400d195220 for removal
> 10/03/26 14:12:50 DB : phase1 soft event canceled ( ref count = 4 )
> 10/03/26 14:12:50 DB : phase1 hard event canceled ( ref count = 3 )
> 10/03/26 14:12:50 DB : phase1 dead event canceled ( ref count = 2 )
> 10/03/26 14:12:50 DB : config deleted ( obj count = 0 )
> 10/03/26 14:12:50 ii : phase1 removal before expire time
> 10/03/26 14:12:50 DB : phase1 not found
> 10/03/26 14:12:50 DB : phase1 deleted ( obj count = 0 )
> 10/03/26 14:12:50 DB : policy found
> 10/03/26 14:12:50 ii : removing IPSEC INBOUND policy
> ANY:192.168.0.0/24:* -> ANY:192.168.20.12:*
> 10/03/26 14:12:50 K> : send pfkey X_SPDDELETE2 UNSPEC message
> 10/03/26 14:12:50 DB : policy found
> 10/03/26 14:12:50 ii : removing IPSEC OUTBOUND policy
> ANY:192.168.20.12:* -> ANY:192.168.0.0/24:*
> 10/03/26 14:12:50 K> : send pfkey X_SPDDELETE2 UNSPEC message
> 10/03/26 14:12:50 K< : recv pfkey DELETE ESP message
> 10/03/26 14:12:50 ii : removed IPSEC policy route for ANY:192.168.0.0/24:*
> 10/03/26 14:12:51 K< : recv pfkey DELETE ESP message
> 10/03/26 14:12:51 K< : recv pfkey X_SPDDELETE2 UNSPEC message
> 10/03/26 14:12:51 DB : policy found
> 10/03/26 14:12:51 DB : policy deleted ( obj count = 1 )
> 10/03/26 14:12:51 K< : recv pfkey X_SPDDELETE2 UNSPEC message
> 10/03/26 14:12:51 DB : policy found
> 10/03/26 14:12:51 DB : policy deleted ( obj count = 0 )
> 10/03/26 14:12:51 ii : disabled adapter ROOT\VNET\0000
> 10/03/26 14:12:51 DB : tunnel dpd event canceled ( ref count = 3 )
> 10/03/26 14:12:51 DB : tunnel natt event canceled ( ref count = 2 )
> 10/03/26 14:12:51 DB : tunnel stats event canceled ( ref count = 1 )
> 10/03/26 14:12:51 DB : removing tunnel config references
> 10/03/26 14:12:51 DB : removing tunnel phase2 references
> 10/03/26 14:12:51 DB : removing tunnel phase1 references
> 10/03/26 14:12:51 DB : tunnel deleted ( obj count = 0 )
> 10/03/26 14:12:51 DB : removing all peer tunnel refrences
> 10/03/26 14:12:51 DB : peer deleted ( obj count = 0 )
> 10/03/26 14:12:51 ii : ipc client process thread exit ...

The gateway is sending a delete message for the ISAKMP SA which kills 
the tunnel. Do you have access to the gateway log files to determine why 
it is sending this?

-Matthew
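
The teardown sequence described in this reply can be picked out of an iked debug log mechanically. The following Python script is an added example, not part of the original thread or of the Shrew Soft client; the function name and the sample log are assumptions, with the sample constructed from the lines quoted above and a documentation address in place of the redacted peer.

```python
import re

# Constructed sample: same shape as the iked debug lines quoted in the thread,
# with 203.0.113.10 standing in for the redacted gateway address.
SAMPLE_LOG = """\
10/03/26 14:12:50 ii : processing informational packet ( 84 bytes )
10/03/26 14:12:50 << : delete payload
10/03/26 14:12:50 ii : informational hash verified
10/03/26 14:12:50 ii : received peer DELETE message
10/03/26 14:12:50 ii : - 203.0.113.10:4500 -> 192.168.16.35:4500
10/03/26 14:12:50 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:50 ii : cleanup, marked phase1
3a603904b57b73db:b0b5f4400d195220 for removal
10/03/26 14:12:50 ii : phase1 removal before expire time
10/03/26 14:12:51 DB : tunnel deleted ( obj count = 0 )
"""

LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S+) : (.*)$")
SPI = re.compile(r"^- (\w+) spi = (\S+)$")  # only the isakmp form appears in the thread

def find_peer_deletes(log_text):
    """Return one dict per peer DELETE notification found in an iked debug log."""
    events, hash_ok = [], False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation line without a timestamp
        stamp, _tag, msg = m.groups()
        if msg.startswith("processing informational packet"):
            hash_ok = False  # new informational exchange, nothing verified yet
        elif msg == "informational hash verified":
            hash_ok = True
        elif msg == "received peer DELETE message":
            events.append({"time": stamp, "authenticated": hash_ok, "sa": None,
                           "spi": None, "before_expiry": False, "tunnel_deleted": False})
        elif events:
            ev = events[-1]
            spi = SPI.match(msg)
            if spi and ev["spi"] is None:
                ev["sa"], ev["spi"] = spi.groups()  # which SA the peer asked to delete
            elif msg == "phase1 removal before expire time":
                ev["before_expiry"] = True  # SA removed ahead of its negotiated lifetime
            elif msg.startswith("tunnel deleted"):
                ev["tunnel_deleted"] = True
    return events

if __name__ == "__main__":
    for event in find_peer_deletes(SAMPLE_LOG):
        print(event)
```

An event with `authenticated` set and `sa` equal to `isakmp` is a delete that passed the informational hash check, so it was sent by the peer holding the SA keys, and the reason has to be sought in the gateway's own logs.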


