Cisco VPN Client: Idle timeout every few minutes--pls help

Cisco VPN Client: Idle timeout every few minutes--pls help
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.vpn  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Cisco VPN Client: Idle timeout every few minutes--pls help cool.develop 07-14-2006
Posted by on July 14, 2006, 12:28 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi all:
I can make the VPN connection to work fine, but if I don't have network
activity for something like 4 or 5 minutes, the VPN connection dies
with error:
Secure VPN Connection termindated by Peer.
Reason 431: Configured Maximum Idle Time for Session Exceeded.

I am using a Cisco VPN Client 4.0.5(c) / WinXP Pro to connect to work
from home. I have a wireless DSL router (Westel) from Verizon.

I am at my wit's end. The VPN folks claim all is well at their end,
they do not have idle timout setting of few minutes, and that something
is wrong at my end. They may be right, but I am disappointed that they
can't help me troubleshoot at my end, if in fact the issue is at my
end.

So far:
-Tried wired connection, instead of wireless
-Made sure I am using IPSEC over UDP instead of TCP (on VPN folk's
recommandation)
-Added ForcedKeepAlives=1 to my profile
-Enabled IPSEC ESP (client) and IPSEC IKE (port forwarding) services
in my home router (honestly don't know what they mean, just monkeying
around)
-I even tried to run a bat script that simply pings a server, sleeps
for 3 mins and goes at it again.
-I tried keeping a putty telnet session to a server open.

No matter what, unless I am actively using the browser or some
appliation that generates network traffic, VPN connection is gone in a
few minutes?

What on the earth is happening??

TIA.

PS: I just posted this in comp.dcom.sys.cisco without realizing this
group is more appropriate, so my apologies to netizens.

Here's a chunk of log from my VPN client that I believe captures a
timeout which may mean something to any of you gurus:
------------
654 09:27:15.375 07/14/06 Sev=Info/6        IKE/0x63000054
Sent a keepalive on the IPSec SA

655 09:27:25.375 07/14/06 Sev=Info/6        IKE/0x63000054
Sent a keepalive on the IPSec SA

656 09:27:35.375 07/14/06 Sev=Info/6        IKE/0x63000054
Sent a keepalive on the IPSec SA

657 09:27:45.312 07/14/06 Sev=Info/5        IKE/0x6300002F
Received ISAKMP packet: peer = 198.74.13.200

658 09:27:45.312 07/14/06 Sev=Info/4        IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DEL) from 198.74.13.200

659 09:27:45.312 07/14/06 Sev=Info/5        IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = 394A9D0B INBOUND SPI = DD22B922)

660 09:27:45.312 07/14/06 Sev=Info/4        IKE/0x63000048
Discarding IPsec SA negotiation, MsgID=0AD309AA

661 09:27:45.312 07/14/06 Sev=Info/5        IKE/0x6300002F
Received ISAKMP packet: peer = 198.74.13.200

662 09:27:45.312 07/14/06 Sev=Info/4        IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, DWR) from 198.74.13.200

663 09:27:45.312 07/14/06 Sev=Info/4        IKE/0x63000080
Delete Reason Code: 8 --> PEER_DELETE-IKE_DELETE_IDLE_TIMEOUT.

664 09:27:45.312 07/14/06 Sev=Info/5        IKE/0x6300003C
Received a DELETE payload for IKE SA with Cookies:
I_Cookie=7ADB9543A0410F64 R_Cookie=FA3EED4FDEC26B35

665 09:27:45.312 07/14/06 Sev=Info/4        IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=7ADB9543A0410F64
R_Cookie=FA3EED4FDEC26B35) reason = PEER_DELETE-IKE_DELETE_IDLE_TIMEOUT

666 09:27:45.375 07/14/06 Sev=Info/4        IPSEC/0x63700013
Delete internal key with SPI=0x22b922dd

667 09:27:45.375 07/14/06 Sev=Info/4        IPSEC/0x6370000C
Key deleted by SPI 0x22b922dd

668 09:27:45.375 07/14/06 Sev=Info/4        IPSEC/0x63700013
Delete internal key with SPI=0x0b9d4a39

669 09:27:45.375 07/14/06 Sev=Info/4        IPSEC/0x6370000C
Key deleted by SPI 0x0b9d4a39

670 09:27:45.875 07/14/06 Sev=Info/4        IKE/0x6300004A
Discarding IKE SA negotiation (I_Cookie=7ADB9543A0410F64
R_Cookie=FA3EED4FDEC26B35) reason = PEER_DELETE-IKE_DELETE_IDLE_TIMEOUT

671 09:27:45.875 07/14/06 Sev=Info/4        CM/0x63100013
Phase 1 SA deleted cause by PEER_DELETE-IKE_DELETE_IDLE_TIMEOUT. 0
Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

672 09:27:45.875 07/14/06 Sev=Info/5        CM/0x63100025
Initializing CVPNDrv

673 09:27:45.875 07/14/06 Sev=Info/6        CM/0x63100031
Tunnel to headend device natural.keyspanenergy.com disconnected:
duration: 0 days 0:4:46

674 09:27:45.875 07/14/06 Sev=Info/4        IKE/0x63000001
IKE received signal to terminate VPN connection


Similar ThreadsPosted
About idle timeout from my ISP May 6, 2008, 9:31 am
Netgear VPN-Client + FVS318 re-keying timeout whn connecting through UMTS July 4, 2005, 9:38 am
VPN - Ping to servers on connected network timeout March 1, 2005, 7:28 am
Watchguard / Safenet Client and Cisco VPN Client Compatible? February 7, 2005, 3:38 pm
Cisco VPN Client <-> XP VPN March 13, 2006, 6:02 am
Client VPN Cisco HELP May 20, 2006, 11:14 am
Looking for Cisco VPN Client (XP) September 7, 2006, 9:19 pm
API for Cisco VPN client? June 6, 2007, 6:06 pm
W2K vpn client to Cisco 3005 VPN concentrator June 20, 2005, 3:07 pm
Need help enrolling a certificate, Cisco VPN Client July 19, 2005, 7:41 pm

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map