?
Solved

Cisco IPSec VPN Client Session gets disconnected at randon times from remote ASA5505

Posted on 2011-03-08
3
1 solution
Medium Priority
?
7,416 Views
Last Modified: 2012-05-11
We have a number of users connecting / terminatiing Cisco IPSec VPN Client sessions onto a Cisco ASA5505  appliance.

The users are using a variation of Client OS, XP, Vista etc and different versions of the Cisco IPSec VPN Client. What is ahppening is, the clients are getting disconnected from the ASA at randon, sometimes after 5 minutes, 15 minutes even 7 hours. The logs off the Cisco VPN Client show the below,

Cisco Systems VPN Client Version 5.0.05.0290
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600
7      10:08:25.162  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
8      10:08:26.176  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
9      10:08:27.190  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
10     10:08:28.204  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
11     10:08:29.218  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
12     10:08:30.232  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
13     10:08:31.043  03/08/11  Sev=Warning/2 IKE/0xA3000067
Received an IPC message during invalid state (IKE_MAIN:512)

Any feedback would be great...
0
Comment
Question by:lanbase
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Join The Community
  • 2
3 Comments
 
LVL 6

Expert Comment

by:alienXeno
ID: 35081409
The problem might be with the IP pool assignment either through ASA, Radius server, DHCP server etc.
 Use the debug crypto command in order to verify that the netmask and IP addresses are correct. Also, verify that the pool does not include the network address and the broadcast address.
0
 

Accepted Solution

by:
lanbase earned 0 total points
ID: 35082009
Hi, thanks for the information. That's a very good point. However, just to let everyone know. I found out what the problem was. It was a setting on the ASA itself. You have to enable nat traversal for VPN traffic as the ASA needs to know that the incomming packets have already been natted. For example,

crypto isakmp nat-traversal

This did the trick. Prior to this client IPSec VPN sessions were getting timed out at random even after 7 hours or so. The client software versions varied and were Cisco/Non Cisco ones.

Hope that helps :)
0
 

Author Closing Comment

by:lanbase
ID: 35126170
Solution found after my own research and testing
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Watch Video
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question
Threat Modeling: Secure System In Five Simple Steps
Article by: Shakshi
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Concerto Cloud Services Honored as Coolest Cloud Vendor by CRN®
Article by: Concerto Cloud
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Setup Mikrotik routers with OSPF… Part 3
Video by: Dirk
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Top Ten Winning Strategies to Partnership in the Cloud
Video by: Concerto Cloud
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Advertise Here
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Advertise Here