We have a number of users connecting / terminatiing Cisco IPSec VPN Client sessions onto a Cisco ASA5505 appliance.
The users are using a variation of Client OS, XP, Vista etc and different versions of the Cisco IPSec VPN Client. What is ahppening is, the clients are getting disconnected from the ASA at randon, sometimes after 5 minutes, 15 minutes even 7 hours. The logs off the Cisco VPN Client show the below,
Cisco Systems VPN Client Version 5.0.05.0290
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600
7 10:08:25.162 03/08/11 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
8 10:08:26.176 03/08/11 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
9 10:08:27.190 03/08/11 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
10 10:08:28.204 03/08/11 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
11 10:08:29.218 03/08/11 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
12 10:08:30.232 03/08/11 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
13 10:08:31.043 03/08/11 Sev=Warning/2 IKE/0xA3000067
Received an IPC message during invalid state (IKE_MAIN:512)
Any feedback would be great...
Use the debug crypto command in order to verify that the netmask and IP addresses are correct. Also, verify that the pool does not include the network address and the broadcast address.