[vpn-help] Temporary traffic stops while connected to Cisco VPN

[Jochen De Smet]

I'm not 100% sure what kind of Cisco is on the other side; I configured 
shrew
by importing the .pfc file. Here's a summary of the config options:

- general:  hostname and port set, auto config set to "ike config pull"
- client: NAT traversal enabled, keep-alive packet rate 15 secs, ike 
fragmentation disabled, all "other options" checked
- phase1: aggressive, group2, auto, key life time limit 86400 secs, 0 
data lmit
- phase2: auto, auto, auto, compress disabled, key life time limit 3600 
secs, 0 data limit

Symptom:
Sometimes all VPN traffic stops for a minute or so, then after that 
things usually work again.
When looking at the "Network" tab of the established connection, it seem 
to always show
the number of establish associations as (expired + 2). Then after a 
while expired increases
by 1 and that's when things work again.

I'm not sure if it's related, but the shrew client also appears to take 
a lot longer to enable the
initial tunnel than the cisco client ( +-30 seconds vs +-3 seconds)

Any idea what the problem is or what to do about it? It's a bit annoying 
since the pause is usually long
enough to make my ssh sessions disconnect.

J.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20101129/5d8da14d/attachment-0001.html>