We help IT Professionals succeed at work.

CISCO VPN - Error  "Reason 412:    The remote peer is no longer responding."

280,800 Views
Last Modified: 2011-08-18
When VPN went down:
Secure VPN connection terminated locally by the client.
 
Reason 412:    The remote peer is no longer responding.
 
When ATT was disconnected
Dual connection was unexpectedly disconnected.
Comment
Watch Question

CERTIFIED EXPERT

Commented:
Whats your question?

Author

Commented:
Unable to successfully stay connected via CISCO VPN.  I get the following error:

Secure VPN connection terminated locally by the client.
 
Reason 412:    The remote peer is no longer responding.
CERTIFIED EXPERT

Commented:
So you can connect to the VPN and transfer the data but after some time it disconnects itself?
Is it completely random when it disconnects?

Author

Commented:
Correct.  It generally stays connected for 10 min then all of a sudden disconnects.
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
How do you connect to the Internet? Via AT&T
Do you connecto directly or do you have a router? Directly
What version of the client are you using?  4.0.3

Commented:
sounds like fautly hardware.  try a different modem/NIC.
CERTIFIED EXPERT

Commented:
Is the AT&T connection a modem, DSL or ADSL etc...?

Commented:
Run an extended ping test between the outside of whatever device you're connecting to the 'Net with-
I assume a home PC with a Linksys or something-

Ping between that home PC and the outside IP address of the firewall/VPN concentrator (sounds like a PIX, perhaps)

If you're seeing lots of dropped packets
(send 1024 or 2048 packets), and you see more than about 5% dropped, or you see several in a row get dropped, that's your problem-

What's happening is that your ISP (PC side, probably) is dropping packets
The VPN connection will be dropping about twice that number of packets, as IPSEC packets are subjected to additional verification (and some aren't passing muster and getting dropped)
This is trashing enough of the IPSEC packets to make the VPN believe it's being compromised..
That's usually why the IPSEC session will disconnect.
What is bandwith usage like on both sites. If you are pegging you usage you could be getting disconnected because of all the interface resets. What is the othere end like.

Commented:
Maybe a stupid question, but is your remote client a PC running the software client, or another router?

Commented:
Whoops...maybe if I could learn to read!  OK...we run several Cisco 3005's here and we recently upgraded our clients to 4.6 because of some flaky issues that we were seeing w/ the early 4.0.x clients.  Have you tried upgrading the client a newer version?  We were experiencing timeouts when there was either a) little / no activity (with no inactivity timers set on the concentrator) or b) a client passing a great deal of traffic.  Try the client upgrade...see what happens!  :-)

Commented:
This has happend several times to me. Situation was resolved by removing and reapplying the crypto map on the interface.

Commented:
This happened to me and it was a problem with the switch port that the private side interface of the VPN concentrator was plugged into.  I hard-coded the port to be 100 MBps and full duplex vice the auto detect setting.

It was causing the port to take errors and it would shutdown the Catalyst 6509 port.  You can also try removing port sec on your switch if it is setup.

Thx
Brandon
This issue has been ongoing, the number of "f'ixes" (none of which worked) with loads of people blaming peoples internet connection. Well Cisco recently released 5.0.04.0300 which looks to have finally fixed it. My Vista U systems have stayed connected up to our max time of 23 hours.......

Commented:
Seems it's been a while since people posted to this problem, but here are my two cents:
Open the Cisco Profile file (which by default is stored under C:\Program Files\Cisco systems\VPN client\Profiles - file ending with .pcf) in notepad. Add the following line at the bottom:

UseLegacyIKEPort=1

Close, save and restart the VPN client...

pEr

Commented:
I really suggest you use NAT-T to encapsulate ESP packets, with this you will avoid the disconnections due to ESP it's sensitive to PAT.
I'm also receiving this error when I disconnect using an open wireless connection, then try to reconnect.  Even a reboot isn't clearing it out.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.