[vpn-help] Client disconnects after 15-17 minutes
Nate Gagne
Nate.Gagne at sequoyatech.com
Fri Mar 26 13:23:12 CDT 2010
Client version 2.1.5 on Windows 7 Pro x64, connecting to an ASA 5505
8.2(1). The tunnel is established, and everything is great for ~15
minutes. After that, even with traffic flowing through the tunnel, it
disconnects. I've tried with DPD enabled and disabled; it doesn't make
a difference.
Here's a snippet of the debug log, followed by the relevant ASA config:
10/03/26 14:12:14 DB : phase1 found
10/03/26 14:12:14 -> : send NAT-T:KEEP-ALIVE packet 192.168.16.35:4500
-> [REDACTED]:4500
10/03/26 14:12:14 DB : phase1 found
10/03/26 14:12:14 ii : sending peer DPDV1-R-U-THERE notification
10/03/26 14:12:14 ii : - 192.168.16.35:4500 -> [REDACTED]:4500
10/03/26 14:12:14 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:14 ii : - data size 4
10/03/26 14:12:14 >> : hash payload
10/03/26 14:12:14 >> : notification payload
10/03/26 14:12:14 == : new informational hash ( 20 bytes )
10/03/26 14:12:14 == : new informational iv ( 8 bytes )
10/03/26 14:12:14 >= : cookies 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:14 >= : message eab3ef88
10/03/26 14:12:14 >= : encrypt iv ( 8 bytes )
10/03/26 14:12:14 == : encrypt packet ( 84 bytes )
10/03/26 14:12:14 == : stored iv ( 8 bytes )
10/03/26 14:12:14 -> : send NAT-T:IKE packet 192.168.16.35:4500 ->
[REDACTED]:4500 ( 116 bytes )
10/03/26 14:12:14 ii : DPD ARE-YOU-THERE sequence 3c457e46 requested
10/03/26 14:12:14 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
192.168.16.35:4500 ( 84 bytes )
10/03/26 14:12:14 DB : phase1 found
10/03/26 14:12:14 ii : processing informational packet ( 84 bytes )
10/03/26 14:12:14 == : new informational iv ( 8 bytes )
10/03/26 14:12:14 =< : cookies 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:14 =< : message 1b8a6452
10/03/26 14:12:14 =< : decrypt iv ( 8 bytes )
10/03/26 14:12:14 == : decrypt packet ( 84 bytes )
10/03/26 14:12:14 <= : stored iv ( 8 bytes )
10/03/26 14:12:14 << : hash payload
10/03/26 14:12:14 << : notification payload
10/03/26 14:12:14 == : informational hash_i ( computed ) ( 20 bytes )
10/03/26 14:12:14 == : informational hash_c ( received ) ( 20 bytes )
10/03/26 14:12:14 ii : informational hash verified
10/03/26 14:12:14 ii : received peer DPDV1-R-U-THERE-ACK notification
10/03/26 14:12:14 ii : - [REDACTED]:4500 -> 192.168.16.35:4500
10/03/26 14:12:14 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:14 ii : - data size 4
10/03/26 14:12:14 ii : DPD ARE-YOU-THERE-ACK sequence 3c457e46 accepted
10/03/26 14:12:14 ii : next tunnel DPD request in 15 secs for peer
[REDACTED]:4500
10/03/26 14:12:17 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
192.168.16.35:4500 ( 368 bytes )
10/03/26 14:12:17 DB : phase1 not found
10/03/26 14:12:17 ii : attempting to locate tunnel for peer [REDACTED]
10/03/26 14:12:17 DB : tunnel found
10/03/26 14:12:17 ww : ike packet from [REDACTED] ignored, contact is
denied for peer
10/03/26 14:12:25 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
192.168.16.35:4500 ( 368 bytes )
10/03/26 14:12:25 DB : phase1 not found
10/03/26 14:12:25 ii : attempting to locate tunnel for peer [REDACTED]
10/03/26 14:12:25 DB : tunnel found
10/03/26 14:12:25 ww : ike packet from [REDACTED] ignored, contact is
denied for peer
10/03/26 14:12:29 DB : phase1 found
10/03/26 14:12:29 -> : send NAT-T:KEEP-ALIVE packet 192.168.16.35:4500
-> [REDACTED]:4500
10/03/26 14:12:29 DB : phase1 found
10/03/26 14:12:29 ii : sending peer DPDV1-R-U-THERE notification
10/03/26 14:12:29 ii : - 192.168.16.35:4500 -> [REDACTED]:4500
10/03/26 14:12:29 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:29 ii : - data size 4
10/03/26 14:12:29 >> : hash payload
10/03/26 14:12:29 >> : notification payload
10/03/26 14:12:29 == : new informational hash ( 20 bytes )
10/03/26 14:12:29 == : new informational iv ( 8 bytes )
10/03/26 14:12:29 >= : cookies 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:29 >= : message 8cb67d72
10/03/26 14:12:29 >= : encrypt iv ( 8 bytes )
10/03/26 14:12:29 == : encrypt packet ( 84 bytes )
10/03/26 14:12:29 == : stored iv ( 8 bytes )
10/03/26 14:12:29 -> : send NAT-T:IKE packet 192.168.16.35:4500 ->
[REDACTED]:4500 ( 116 bytes )
10/03/26 14:12:29 ii : DPD ARE-YOU-THERE sequence 3c457e47 requested
10/03/26 14:12:29 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
192.168.16.35:4500 ( 84 bytes )
10/03/26 14:12:29 DB : phase1 found
10/03/26 14:12:29 ii : processing informational packet ( 84 bytes )
10/03/26 14:12:29 == : new informational iv ( 8 bytes )
10/03/26 14:12:29 =< : cookies 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:29 =< : message 8fbe801f
10/03/26 14:12:29 =< : decrypt iv ( 8 bytes )
10/03/26 14:12:29 == : decrypt packet ( 84 bytes )
10/03/26 14:12:29 <= : stored iv ( 8 bytes )
10/03/26 14:12:29 << : hash payload
10/03/26 14:12:29 << : notification payload
10/03/26 14:12:29 == : informational hash_i ( computed ) ( 20 bytes )
10/03/26 14:12:29 == : informational hash_c ( received ) ( 20 bytes )
10/03/26 14:12:29 ii : informational hash verified
10/03/26 14:12:29 ii : received peer DPDV1-R-U-THERE-ACK notification
10/03/26 14:12:29 ii : - [REDACTED]:4500 -> 192.168.16.35:4500
10/03/26 14:12:29 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:29 ii : - data size 4
10/03/26 14:12:29 ii : DPD ARE-YOU-THERE-ACK sequence 3c457e47 accepted
10/03/26 14:12:29 ii : next tunnel DPD request in 15 secs for peer
[REDACTED]:4500
10/03/26 14:12:33 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
192.168.16.35:4500 ( 368 bytes )
10/03/26 14:12:33 DB : phase1 not found
10/03/26 14:12:33 ii : attempting to locate tunnel for peer [REDACTED]
10/03/26 14:12:33 DB : tunnel found
10/03/26 14:12:33 ww : ike packet from [REDACTED] ignored, contact is
denied for peer
10/03/26 14:12:41 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
192.168.16.35:4500 ( 368 bytes )
10/03/26 14:12:41 DB : phase1 not found
10/03/26 14:12:41 ii : attempting to locate tunnel for peer [REDACTED]
10/03/26 14:12:41 DB : tunnel found
10/03/26 14:12:41 ww : ike packet from [REDACTED] ignored, contact is
denied for peer
10/03/26 14:12:44 DB : phase1 found
10/03/26 14:12:44 -> : send NAT-T:KEEP-ALIVE packet 192.168.16.35:4500
-> [REDACTED]:4500
10/03/26 14:12:44 DB : phase1 found
10/03/26 14:12:44 ii : sending peer DPDV1-R-U-THERE notification
10/03/26 14:12:44 ii : - 192.168.16.35:4500 -> [REDACTED]:4500
10/03/26 14:12:44 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:44 ii : - data size 4
10/03/26 14:12:44 >> : hash payload
10/03/26 14:12:44 >> : notification payload
10/03/26 14:12:44 == : new informational hash ( 20 bytes )
10/03/26 14:12:44 == : new informational iv ( 8 bytes )
10/03/26 14:12:44 >= : cookies 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:44 >= : message b22d7d76
10/03/26 14:12:44 >= : encrypt iv ( 8 bytes )
10/03/26 14:12:44 == : encrypt packet ( 84 bytes )
10/03/26 14:12:44 == : stored iv ( 8 bytes )
10/03/26 14:12:44 -> : send NAT-T:IKE packet 192.168.16.35:4500 ->
[REDACTED]:4500 ( 116 bytes )
10/03/26 14:12:44 ii : DPD ARE-YOU-THERE sequence 3c457e48 requested
10/03/26 14:12:44 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
192.168.16.35:4500 ( 84 bytes )
10/03/26 14:12:44 DB : phase1 found
10/03/26 14:12:44 ii : processing informational packet ( 84 bytes )
10/03/26 14:12:44 == : new informational iv ( 8 bytes )
10/03/26 14:12:44 =< : cookies 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:44 =< : message f8872032
10/03/26 14:12:44 =< : decrypt iv ( 8 bytes )
10/03/26 14:12:44 == : decrypt packet ( 84 bytes )
10/03/26 14:12:44 <= : stored iv ( 8 bytes )
10/03/26 14:12:44 << : hash payload
10/03/26 14:12:44 << : notification payload
10/03/26 14:12:44 == : informational hash_i ( computed ) ( 20 bytes )
10/03/26 14:12:44 == : informational hash_c ( received ) ( 20 bytes )
10/03/26 14:12:44 ii : informational hash verified
10/03/26 14:12:44 ii : received peer DPDV1-R-U-THERE-ACK notification
10/03/26 14:12:44 ii : - [REDACTED]:4500 -> 192.168.16.35:4500
10/03/26 14:12:44 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:44 ii : - data size 4
10/03/26 14:12:44 ii : DPD ARE-YOU-THERE-ACK sequence 3c457e48 accepted
10/03/26 14:12:44 ii : next tunnel DPD request in 15 secs for peer
[REDACTED]:4500
10/03/26 14:12:50 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
192.168.16.35:4500 ( 68 bytes )
10/03/26 14:12:50 DB : phase1 found
10/03/26 14:12:50 ii : processing informational packet ( 68 bytes )
10/03/26 14:12:50 == : new informational iv ( 8 bytes )
10/03/26 14:12:50 =< : cookies 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:50 =< : message cdae21bd
10/03/26 14:12:50 =< : decrypt iv ( 8 bytes )
10/03/26 14:12:50 == : decrypt packet ( 68 bytes )
10/03/26 14:12:50 <= : stored iv ( 8 bytes )
10/03/26 14:12:50 << : hash payload
10/03/26 14:12:50 << : delete payload
10/03/26 14:12:50 == : informational hash_i ( computed ) ( 20 bytes )
10/03/26 14:12:50 == : informational hash_c ( received ) ( 20 bytes )
10/03/26 14:12:50 ii : informational hash verified
10/03/26 14:12:50 ii : received peer DELETE message
10/03/26 14:12:50 ii : - [REDACTED]:4500 -> 192.168.16.35:4500
10/03/26 14:12:50 ii : - ipsec-esp spi = 0xddaaf6a2
10/03/26 14:12:50 DB : phase2 found
10/03/26 14:12:50 DB : cleanup, marked phase2 0xddaaf6a2 for removal
10/03/26 14:12:50 DB : phase2 soft event canceled ( ref count = 2 )
10/03/26 14:12:50 DB : phase2 hard event canceled ( ref count = 1 )
10/03/26 14:12:50 K> : send pfkey DELETE ESP message
10/03/26 14:12:50 K> : send pfkey DELETE ESP message
10/03/26 14:12:50 ii : phase2 removal before expire time
10/03/26 14:12:50 DB : phase2 deleted ( obj count = 0 )
10/03/26 14:12:50 <- : recv NAT-T:IKE packet [REDACTED]:4500 ->
192.168.16.35:4500 ( 84 bytes )
10/03/26 14:12:50 DB : phase1 found
10/03/26 14:12:50 ii : processing informational packet ( 84 bytes )
10/03/26 14:12:50 == : new informational iv ( 8 bytes )
10/03/26 14:12:50 =< : cookies 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:50 =< : message ffc28f81
10/03/26 14:12:50 =< : decrypt iv ( 8 bytes )
10/03/26 14:12:50 == : decrypt packet ( 84 bytes )
10/03/26 14:12:50 <= : trimmed packet padding ( 4 bytes )
10/03/26 14:12:50 <= : stored iv ( 8 bytes )
10/03/26 14:12:50 << : hash payload
10/03/26 14:12:50 << : delete payload
10/03/26 14:12:50 == : informational hash_i ( computed ) ( 20 bytes )
10/03/26 14:12:50 == : informational hash_c ( received ) ( 20 bytes )
10/03/26 14:12:50 ii : informational hash verified
10/03/26 14:12:50 ii : received peer DELETE message
10/03/26 14:12:50 ii : - [REDACTED]:4500 -> 192.168.16.35:4500
10/03/26 14:12:50 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:50 DB : phase1 found
10/03/26 14:12:50 ii : cleanup, marked phase1
3a603904b57b73db:b0b5f4400d195220 for removal
10/03/26 14:12:50 DB : phase1 soft event canceled ( ref count = 4 )
10/03/26 14:12:50 DB : phase1 hard event canceled ( ref count = 3 )
10/03/26 14:12:50 DB : phase1 dead event canceled ( ref count = 2 )
10/03/26 14:12:50 DB : config deleted ( obj count = 0 )
10/03/26 14:12:50 ii : phase1 removal before expire time
10/03/26 14:12:50 DB : phase1 not found
10/03/26 14:12:50 DB : phase1 deleted ( obj count = 0 )
10/03/26 14:12:50 DB : policy found
10/03/26 14:12:50 ii : removing IPSEC INBOUND policy
ANY:192.168.0.0/24:* -> ANY:192.168.20.12:*
10/03/26 14:12:50 K> : send pfkey X_SPDDELETE2 UNSPEC message
10/03/26 14:12:50 DB : policy found
10/03/26 14:12:50 ii : removing IPSEC OUTBOUND policy
ANY:192.168.20.12:* -> ANY:192.168.0.0/24:*
10/03/26 14:12:50 K> : send pfkey X_SPDDELETE2 UNSPEC message
10/03/26 14:12:50 K< : recv pfkey DELETE ESP message
10/03/26 14:12:50 ii : removed IPSEC policy route for
ANY:192.168.0.0/24:*
10/03/26 14:12:51 K< : recv pfkey DELETE ESP message
10/03/26 14:12:51 K< : recv pfkey X_SPDDELETE2 UNSPEC message
10/03/26 14:12:51 DB : policy found
10/03/26 14:12:51 DB : policy deleted ( obj count = 1 )
10/03/26 14:12:51 K< : recv pfkey X_SPDDELETE2 UNSPEC message
10/03/26 14:12:51 DB : policy found
10/03/26 14:12:51 DB : policy deleted ( obj count = 0 )
10/03/26 14:12:51 ii : disabled adapter ROOT\VNET\0000
10/03/26 14:12:51 DB : tunnel dpd event canceled ( ref count = 3 )
10/03/26 14:12:51 DB : tunnel natt event canceled ( ref count = 2 )
10/03/26 14:12:51 DB : tunnel stats event canceled ( ref count = 1 )
10/03/26 14:12:51 DB : removing tunnel config references
10/03/26 14:12:51 DB : removing tunnel phase2 references
10/03/26 14:12:51 DB : removing tunnel phase1 references
10/03/26 14:12:51 DB : tunnel deleted ( obj count = 0 )
10/03/26 14:12:51 DB : removing all peer tunnel refrences
10/03/26 14:12:51 DB : peer deleted ( obj count = 0 )
10/03/26 14:12:51 ii : ipc client process thread exit ...
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dynMap 10 set transform-set strong
crypto dynamic-map dynMap 10 set reverse-route
crypto map cableMap 10 ipsec-isakmp dynamic dynMap
crypto map cableMap interface cable
crypto isakmp enable cable
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 1000
group-policy vpnPolicy internal
group-policy vpnPolicy attributes
 dns-server value 192.168.0.43
 vpn-idle-timeout none
 vpn-session-timeout none
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-tunnel
 default-domain value domain.local
 split-dns value domain.local
tunnel-group vpnGroup type remote-access
tunnel-group vpnGroup general-attributes
 address-pool DM-VPN-POOL
 authentication-server-group vpn
 default-group-policy vpnPolicy
tunnel-group vpnGroup ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 15 retry 10
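
One way to condense a debug log like the one above into a teardown timeline, as an added example that is not part of the original post: it rejoins the mail-wrapped records, extracts DPD acks, ignored peer IKE packets and peer DELETE messages, and reads the ISAKMP lifetime from the ASA config. The sample log and config are constructed in the formats quoted above; the function names and the `[PEER]` placeholder are assumptions.

```python
import re
RECORD = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
# Constructed sample in the log and config formats quoted in the post.
SAMPLE_LOG = """\
10/03/26 14:12:41 ww : ike packet from [PEER] ignored, contact is
denied for peer
10/03/26 14:12:44 ii : DPD ARE-YOU-THERE-ACK sequence 3c457e48 accepted
10/03/26 14:12:50 ii : received peer DELETE message
10/03/26 14:12:50 ii : - ipsec-esp spi = 0xddaaf6a2
10/03/26 14:12:50 ii : received peer DELETE message
10/03/26 14:12:50 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
"""
SAMPLE_CONFIG = "crypto isakmp policy 10\n lifetime 1000\n"

def unwrap(text):
    """Rejoin records that mail wrapping split across two lines."""
    records = []
    for line in text.splitlines():
        if m := RECORD.match(line):
            records.append(list(m.groups()))
        elif records and line.strip():
            records[-1][2] += " " + line.strip()
    return records

def timeline(text):
    """(time, event) pairs for DPD acks, ignored peer IKE and peer DELETEs."""
    events, in_delete = [], False
    for when, _tag, msg in unwrap(text):
        if "ARE-YOU-THERE-ACK" in msg and "accepted" in msg:
            events.append((when, "dpd-ack"))
        elif "contact is denied for peer" in msg:
            events.append((when, "peer-ike-ignored"))
        elif "received peer DELETE message" in msg:
            in_delete = True
        elif in_delete and "spi =" in msg:
            # The SPI line after a DELETE says which SA the peer removed.
            events.append((when, "peer-delete-" + ("phase2" if "ipsec-esp" in msg else "phase1")))
            in_delete = False
    return events

def isakmp_lifetime(config):
    """Seconds from 'lifetime N' under 'crypto isakmp policy', or None."""
    in_policy = False
    for words in map(str.split, config.splitlines()):
        if words[:3] == ["crypto", "isakmp", "policy"]:
            in_policy = True
        elif in_policy and len(words) == 2 and words[0] == "lifetime":
            return int(words[1])

if __name__ == "__main__":
    print(timeline(SAMPLE_LOG), isakmp_lifetime(SAMPLE_CONFIG))
```

The ISAKMP policy `lifetime` is in seconds, so `lifetime 1000` is about 16 minutes 40 seconds; compare it with the time from connect to the first `peer-delete` event. A `dpd-ack` shortly before the DELETE shows the peer was still answering DPD when it tore the SAs down.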