VPN disconnect/timeout
I'm running a 10.5 VPN server with what's supposed to be 24/7 linked 10.4 clients and am getting unexpected disconnects after a couple of days or so. I'm assuming they are timeouts, but on 10.4 there doesn't seem to be any way to configure the timeout interval in Internet Connect. Anyone know how to make a "permanent" VPN connection from 10.4?
vpn-idle-timeout = the amount of time the vpn connection is idle ie. no activity seen on the tunnel, before it is disconnected
vpn-session-timeout = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.
This if for specific user-
hostname(config)# username anyuser attributes
hostname(config-username)# vpn-session-timeout
Hope this help.
Thanks
Ajay
Similar Messages
-
Phonefactor with RRAS(Windows Server 2003) - VPN client timeout after 20 seconds -- too fast!
[Note that I have previously posted this question on Experts Exchange... but have not found a solution yet].
We are a small business and would like to switch to two-factor authentication for VPN connections. We spent nearly a year helping Barracuda debug their small business VPN appliance and finally they took their boxes back and gave us back our money - they
just couldn't get file sharing to work consistently with some new firmware they had to install due to a patent case.
So... now we are trying Phonefactor.
Our VPN setup is RRAS on a Windows Server 2003 domain controller.
We have installed Phonefactor, enabled it as a Radius server, and configured RRAS to point to Phonefactor for Radius authentication. We configured phonefactor to send text messages for authentication, as we figured that would be less disruptive than a phone
call.
It all works except... the timeout for VPN clients is only 20 seconds! By the time we receive the text message on a cell phone, sometimes there is only 5 or 6 seconds to get the six digit code typed into a reply on the cell phone... and unless we are really
nimble, that is frequently not enough time!
When the VPN client times out, it gives an Error 718 "The connection was terminated because the remote computer did not respond in a timely manner."
How can we increase the timeout on the VPN clients, so we can more reliably enter the authentication code in a reply back to phonefactor?
Things we have tried:
1) Connecting (PPTP) from different Windows clients to see if we get different timeout limits. So far we have tried several Windows 7 boxes and a Windows Server 2003 as the client, but in all cases the timeout is 20 seconds.
2) On the windows clients: Searching through the PPTP client settings to see if there is one labeled "connection timeout". So far we have found nothing.
3) On the windows 2003 server: Modifying the RRAS Radius Server time-out to be 30 seconds, 60 seconds, 300 seconds. We've tried restarting RRAS after these changes, but the client connection timeout is still 20 seconds.
4) In the phonefactor configuration: Searching through the radius server settings to see if there is one labeled "connection timeout". So far we have found nothing.
5) Using NTRadPing to connect directly to the phonefactor radius server. With NTRadPing we were able to wait more than 60 seconds without a timeout from phonefactor. So we don't *think* at this point that the issue is within phonefactor.
6) We have asked phonefactor support, but their response is "hmmm... good question, we don't know, that sounds like a problem with your vpn client". And they could well be correct.
7) Search the web for how to increase either the stock windows VPN client timeout, or the RRAS radius authentication timeout. No luck so far.
8) Try this registry hack:
http://windowsitpro.com/networking/solving-ras-718-error. Didn't help.
Any ideas?
thanks!Hi fdc2005,
Thanks for the post.
However, generally, we first type User Name, Password, then click connect to establish the VPN connection. Such as:
Therefore, I have a little confusion about the timeout you mentioned. Would you please provide us more details.
Regarding error 718, please check if the following could help:
If you have a third-party VPN server which does not support MS-CHAPv2 as an authentication method and supports only MS-CHAPv1, you will need to use either CHAP or PAP to connect from the Windows Vista VPN client until the server you use starts supporting MS-CHAPv2.
Steps to follow for resolution:
(1) Check if the Routing and Remote Access Server (RRAS) is configured to allow connections with MS-CHAPv2
(2) Check if the RADIUS server policy supports MSCHAPv2 (This step is needed if you control access to clients using Remote Access Policies on the IAS/NPS server)
Quote from:
Troubleshooting Vista VPN problems.
Hope this helps.
Jeremy Wu
TechNet Community Support -
ACE- 4710 graceful disconnect timeout (no FIN ACK)
I have below 4 real servers into a single serverfarm and serverfarm is being reported by huge number of drop. Below is the log coming in the ACE buffer.Please suggest what may be the pobable reason for such behavior.
Sep 13 2011 11:31:47 : %ACE-3-251010: Health probe failed for server 172.18.104.128 on port 8001, graceful disconnect timeout (no FIN ACK)
Sep 13 2011 11:32:05 : %ACE-3-251010: Health probe failed for server 172.18.104.126 on port 8001, graceful disconnect timeout (no FIN ACK)
Sep 13 2011 11:32:08 : %ACE-3-251010: Health probe failed for server 172.18.104.125 on port 8001, graceful disconnect timeout (no FIN ACK)
Sep 13 2011 11:32:09 : %ACE-3-251010: Health probe failed for server 172.18.104.127 on port 8001, graceful disconnect timeout (no FIN ACK)Hi Plz find required config,
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.09.14 13:37:31 =~=~=~=~=~=~=~=~=~=~=~=
APP-ACE/Admin# sh serverfarm App_MIS
serverfarm : App_MIS, type: HOST
total rservers : 9
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: Application-Server-123
172.18.104.123:8001 8 OPERATIONAL 135 65809 460
rserver: Application-Server-124
172.18.104.124:8001 8 OPERATIONAL 135 69809 124
rserver: Application-Server-125
172.18.104.125:8001 8 PROBE-FAILED 135 69956 56
rserver: Application-Server-126
172.18.104.126:8001 8 OPERATIONAL 135 71015 27
rserver: Application-Server-127
172.18.104.127:8001 8 OPERATIONAL 135 73187 33
rserver: Application-Server-128
172.18.104.128:8001 8 OPERATIONAL 135 69613 33
rserver: Application-Server-129
172.18.104.129:8001 8 OPERATIONAL 135 75545 74
rserver: Application-Server-42
172.18.104.42:8001 8 OPERATIONAL 134 73487 35
rserver: Application-Server-46
172.18.104.46:8001 8 OPERATIONAL 134 78237 48
APP-ACE/Admin# sh serverfarm App_MIS detail
serverfarm : App_MIS, type: HOST
total rservers : 9
active rservers: 8
description : Application Zone Load Balancer for Weblogic
state : ACTIVE
predictor : LEASTCONNS
slowstart : 0 secs
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 0
num times back inservice : 0
total conn-dropcount : 0
Probe(s) :
ICMP-ICMP-Probe, type = ICMP
TCP-8001, type = TCP
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: Application-Server-123
172.18.104.123:8001 8 OPERATIONAL 133 65812 460
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
rserver: Application-Server-124
172.18.104.124:8001 8 OPERATIONAL 134 69810 124
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
rserver: Application-Server-125
172.18.104.125:8001 8 PROBE-FAILED 135 69956 56
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
rserver: Application-Server-126
172.18.104.126:8001 8 OPERATIONAL 133 71015 27
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
rserver: Application-Server-127
172.18.104.127:8001 8 OPERATIONAL 135 73187 33
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
rserver: Application-Server-128
172.18.104.128:8001 8 OPERATIONAL 133 69622 33
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
rserver: Application-Server-129
172.18.104.129:8001 8 OPERATIONAL 131 75553 74
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
rserver: Application-Server-42
172.18.104.42:8001 8 OPERATIONAL 133 73489 35
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
rserver: Application-Server-46
172.18.104.46:8001 8 OPERATIONAL 133 78244 48
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
serverfarm host App_MIS
description Application Zone Load Balancer for Weblogic
predictor leastconns
probe ICMP-ICMP-Probe
probe TCP-8001
rserver Application-Server-123 8001
inservice
rserver Application-Server-124 8001
inservice
rserver Application-Server-125 8001
inservice
rserver Application-Server-126 8001
inservice
rserver Application-Server-127 8001
inservice
rserver Application-Server-128 8001
inservice
rserver Application-Server-129 8001
inservice
rserver Application-Server-42 8001
inservice
rserver Application-Server-46 8001
inservice
APP-ACE/Admin#sh running-config probe
Generating configuration....
probe icmp ICMP-ICMP-Probe
interval 2
faildetect 2
passdetect interval 60
probe tcp TCP-8001
port 8001
interval 2
faildetect 2
passdetect interval 15
passdetect count 2
open 1 -
Site-To-Site VPN disconnection
Dear All,
I have a site-site vpn tunnel from head office to branch office.When ever tunnel is idle,tunnel goes down.Is any possibility to keep tunnel live always .
Please help on this.
Regards,
Shinu MathewYou don't tell us what device and what version you are using, so I just assume ist a fairly recent ASA.
There you have a group-policy assigned to your tunnel-group. These group-policies have a default idle-time of 30 minutes. You can disable the idle-time there. Here an example to disable it in the default group-policy:
group-policy DfltGrpPolicy attributes
vpn-idle-timeout none -
I would like to know why the built-in VPN disconnects silently without notice, which is a potential security issue.
Especially, when I am reminded continuously via a prompt, that prevents any further use of the system until acknowledged, when Podcasts or Music is run with: Cellular Data is Turned Off for "Podcasts"
I would expect the VPN to at least notify when disconnected. -
How can I be notified that a "hard disconnect timeout" occured? I see this
being printed out in the weblogic server screen, but I don't know how to be
notified about it when using JNDI.
Thanks,
Marcelo Quintella
~~~~~~~~~~~~~~
Marcelo A. Quintella : [email protected]
~~~~~~~~~~~~~~Some T3Client is unexpectedly disconnecting from WebLogic.... this could
be your webserver proxy or some other app that connects to WebLogic.
Need more info on your situation to give any further help.
- jonathan.
Sean Mickey wrote:
Hi -
Can anyone tell me the cause of these errors?
Wed Mar 29 16:32:25 EST 2000:<I>
<CliCon-#|singleshop|9.954364468694> Connection
to client for [CliCon: #|singleshop|9.954364468694] has been
unexpectedly lost
because t3 socket to -5603468682380018862C10.1.1.100 failed
and could not be reconnected.
Initiating hard disconnect.
Wed Mar 29 16:32:25 EST 2000:<I>
<CliCon-#|singleshop|4.954364468694> Removing [
CliCon: #|singleshop|4.954364468694 unbound] because of hard
disconnect timeout
Wed Mar 29 16:32:25 EST 2000:<I>
<CliCon-#|singleshop|5.954364468694> Removing [
CliCon: #|singleshop|5.954364468694 unbound] because of hard
disconnect timeoutThanks - Sean[jonathan.vcf] -
Does anyone know what this means? The error below tends to be strewn throughout the console, but it hasn't really affected the code in any conceivable way. Thanks for any insight . . .
Fri Nov 17 13:05:34 EST 2000:<I> <CliCon-#|myserver|3.974484212055> Removing ClientContext - id: '#|myserver|3.974484212055', bound: 'false', dead: 'false' because of soft disconnect timeoutNever mind.
Mike.
Mike Reiche <[email protected]> wrote in message
news:8cvoje$b55$[email protected]..
Has anyone seen this? Know what it means?
<CliCon-#|wl8080|15.955395324155> Removing [CliCon:
#|wl8080|15.955395324155 unbound] because of soft disconnect timeout
Thanks,
Mike Reiche. -
Soft disconnect timeout message ?
Has anyone seen this? Know what it means?
<CliCon-#|wl8080|15.955395324155> Removing [CliCon:
#|wl8080|15.955395324155 unbound] because of soft disconnect timeout
Thanks,
Mike Reiche.Never mind.
Mike.
Mike Reiche <[email protected]> wrote in message
news:8cvoje$b55$[email protected]..
Has anyone seen this? Know what it means?
<CliCon-#|wl8080|15.955395324155> Removing [CliCon:
#|wl8080|15.955395324155 unbound] because of soft disconnect timeout
Thanks,
Mike Reiche. -
Windows 8 L2TP VPN disconnects at 60 minutes
I have 5 windows 8 machines across various domains all configured with 8-10 L2TP VPN setups to various clients networks. Most of them are to Sonicwall firewalls but a couple are to other firewalls. My Windows 8 machines consists of both upgrades
from Windows 7 and fresh installs. Either way every one of my L2TP connections will disconnect at 60 minute increment, regardless of activity or inactivity, which never happened on Windows 7. I have looked everywhere on the Sonicwalls (all of them
are on the most up to date firmware) and there is no setting for disconnecting after 60 minutes.
The issue must be with Windows 8 - just looking for a registry hack or hotfix that will fix this problem.
Michael E. WheelerI also have the same problem but my timeout happens at 49 mins 54 seconds everytime. I recently switched to Windows 8 and I am facing lots of issues with the VPN.
Initially I had installed the VPN version "CISCO VPN 5.0.07.0290-k9" and my VPN would disconnect every 3 to 4 mins. Then later browsed to get the "most compatible" version of VPN "5.0.07.0440-k9" . Now also the same problem perisists. but a small improvement.
Incase I am keeping my access to the Server IP active, working on the sever and not on the local system, then my connection is active for a longer time. If I work on my local system the connection disconnects within a minute.
Since I had to work on my local system also, I did a continuous ping on the Command Prompt and then I can now work on my Server thro VPN and also on my local system for 49 mins. I was searching for a solution when I stumbled on this chain. I am not alone,
but could not find a solution. I hope someone from Microsoft looks at this thread and give a Fix build.
Please post any alternative solution to bypass this issue.
Regards
Kiruthiga Kuppuswamy -
I have several remote users conneting to an ASA 5510 device. They have Windows 7 (32 bit) machines and connect using Cisco VPN Client (5.0.0.7). Everyone connects fine and is able to work through out the day. They basically use Citrix Reciver to connect to citrix apps and use Cisco IP Communicator softphone for phone service. However, 2 or 3 of them have complained that they get disconnected everyday after being connected for 6 to 6.5 hours. They say it is like clockwork. All their citrix apps lock up and disconnect briefly for 1-3 minutes and then everything comes back online. Normally everything reconnects itself and they do not have to reconnect to VPN client or citrix.
I thought initially it had something to do with Citrix, however one said they were using their softphone when things disconnected. So that points to the VPN client or their internet connection. I rule out their internet connection since it is happeing to multiple people. Has anyone heard of this? It shouldn't be an idle timeout issue since they are actively working all day. Is their something with the client itself timing out or causing brief disruption to the NIC?? Any help would be appreciated. Thanks...
DaveHi,
it turned out the problem was due to a mismatch in the ACLs between the ASA and the remote site 2911.
We had no matching line in the ASA config for traffic between the office and the extranet server. On the office router, we had:
permit ip 192.168.1.0 0.0.0.255 host 3.3.3.3
So, on the ASA, we had to add:
access-list office101 line 8 extended permit ip host 3.3.3.3 192.168.1.0 255.255.255.0
I'm not sure why the behaviour was different between the ASA versions i.e. why we did not experience any issues when we had the misconfig at version 8.4(3) but it caused problems with higher versions. Also, cannot explain why it only really seemed to be one site that was affected (we had the same config mismatch at other sites which were seemingly alright)
However, ultimately, it was the config mismatch that was causing the problem and, after rectifying that, we were able to upgrade and our remote site VPN connectivity remained stable. -
T500 Windows 7 blue screen on VPN disconnect
Brand new T500 came with Win7 preinstalled. Machine is connected to a Windows domain at work, and I VPN into various clients' networks. Often (not always) when I disconnect the standard Microsoft VPN, the screen goes black, and I see the disk active for less than one minute, and then the system is hung - no response to mouse, ctl-alt-del, etc.. I power down by holding down the power button, then power up. Windows reports recovering from a bluescreen. I have already used ThinkVantage System Update to load the latest drivers for everything.
Any ideas?The same problem to me T500 Win7 64 bits 4GB RAM. 2 or 3 time weekly the laptop is accidently stop working with black screen, strange noise and for a while hard drive activity. If somebody knows the solution of this problem will be very good I updated the BIOS and every kind of driver updates but no changes. There still persist the problem.
-
No Internet access after VPN disconnect
Several of my users have reported that when they disconnect from the VPN, they have no web access without restarting the computer. We're using version 3.8.16. Is this a known issue? Is there a way around this without having to restart the computer? Thanks for any help you can give.
Originally Posted by davisn456
Several of my users have reported that when they disconnect from the VPN, they have no web access without restarting the computer. We're using version 3.8.16. Is this a known issue? Is there a way around this without having to restart the computer? Thanks for any help you can give.
We are having this issse as well has there been any resolution out there? It happens on some and not everytime. -
We have a wireless network in our house. I connect to the internet and then connect to my company's VPN. However I get disconnected from the VPN constantly and it says the connection was terminated locally. I have to disconnect my linksys connection, then reconnect, then connect again to the vpn. Do you have any idea why my connection keeps getting broken. I often wonder if once I get connected to the VPN and if I am not out on the internet moving around if it times out or something. But it is rediculous because sometimes I get disconnected as quickly as 2 or 4 minutes. Othertimes it is an hour
What kind of VPN? IPSEC? SSL? If it's IPSEC and you can use SSL try that instead. It's a little less secure but more stable. Also check with your VPN to verify whether you need to punch a few holes in your FW. Ports 47, 50, 500, 1723, 5050 are all candidates.
-
DirectAccess stuck Connecting after VPN disconnect?
We use OpenVPN for our VPN clients coupled with DirectAccess for transparent domain access on Windows 8.1. If I boot a client it connects to DA and everything works as it should. When I connect to OpenVPN on the same client, DA immediately changes to a "Connecting
..." state and stays there, even after I disconnect from the VPN.
If I run a netsh interface httpstunnel show interface it shows a
0x274c failed to connect to the IP-HTTPS server. Waiting to reconnect.
The DirectAccess Client Troubleshooter fails at the IP Connectivity, Infrastructure Tunnel, and User Tunnel Tests.
However, I can access the directaccess server just fine on port 443, even via a web browser.
I've tried restarting the IPHelper service and the IKE service, but DA eventually reverts to the same 0x274c error. The only way to clear it is to reboot the client.
The log from the DA Troubleshooter shows that NLS thinks it's "internal" I believe, as the IsExternal and GetNLS return the internal FQDN of the DA server and try to connect to that, then throw an error 503. Almost everything after that in the
log also fails, of course.
I'm at a loss as to how to solve this.I found the following KB article, which has helped a little but still hasn't resolved the inability for my client to re-connect after disconnecting from the VPN.
https://technet.microsoft.com/en-us/library/ee809093.aspx?f=255&MSPPError=-2147217396
If I set those two registry entries, a netsh interface httpstunnel show interface
now properly reports that I have "other corporate connectivity available" when I connect to the VPN. A netsh dnsclient show state
also properly detects whether I am inside or outside the corporate network.
However, I still cannot achieve a DirectAccess client re-connection after disconnecting from the VPN. The httpstunnel still reports a 0x274c, failed to connect to the IPHTTPS server. Waiting to reconnect.
I don't see anyting in the Event Viewer on either the client or the server, so I'm not sure where to look next to continue troubleshooting.
Note - the client seems to have full connectivity to the DA server. I can run a Test-NetConnection -Port 443 -ComputerName da.myserver.com and it is successful. I can ping the hostname da.myserver.com and all 4 replies are successful.
I noticed that if I run an ipconfig on the client, the Tunnel adapter iphttpsinterface states "Media disconnected."
Can anyone assist? -
Cisco VPN Client version 4.8.02.0010 connecting to Cisco ASA5520. I have fireturcks using air cards from ATT. They are configured to automatic VPN Initiation. If I disconnect them from the ASA they will not reconnect until I close the notice on the Client. Is there any way to make the notcies go away or the auto connect to ignore the message? Let me know. Thanks.
I inserted the command banner none
I logged the unit out logged back in then forced a disconnect from the ASA and they still got the notification box. Any other ideas?
Maybe you are looking for
-
Hi, I am working on EP 7.0 SP 18. I have created an Activity Report iView to track which users have used my WebDynpro application.My Wedynpro application is on a page and the Monitor User property of the page is also turned on. I am able to see the d
-
Error While Adding Node on RAC
Hi Friends, Environment:SUN Solris 10 Cluster Version:10.2.0.3 database Version:10.2.0.3.0 Due to H/W failure one of our RAC node(prod1) got formatted. We have deleted the node(prod1) from RAC successfully. Following the below link.. http://download.
-
Image instead of List Name, and hyperlink the image to view 'All Items.aspx' page
Hi, I would like remove the Page title for list (i.e., name of the list in view all items.aspx page) , and instead use image and hyperlink the image to 'All items.aspx" page. Using developer tool found the element (#PageTitle) and added 'Script Edito
-
ME_GUI_PO_CUST works in ME22N/ME23N, but not in ME21N
Hi, I've implemented the BADIs ME_GUI_PO_CUST and ME_PROCESS_PO_CUST to add one tab to the PO header and PO items. This works for display/change of the PO, but not for the creation (ME21N). There the additional tabs are not shown. Does anybody of you
-
I have a date [Period Closed].[Period Closed] in a cube. This table contain only one values which might be a certain date. Not today's date. I have another date table where I have to use the date value from [Period Closed].[Period Closed] and pass