Avatar of lanbase
lanbase
 asked on

Cisco IPSec VPN Client Session gets disconnected at randon times from remote ASA5505

We have a number of users connecting / terminatiing Cisco IPSec VPN Client sessions onto a Cisco ASA5505  appliance.

The users are using a variation of Client OS, XP, Vista etc and different versions of the Cisco IPSec VPN Client. What is ahppening is, the clients are getting disconnected from the ASA at randon, sometimes after 5 minutes, 15 minutes even 7 hours. The logs off the Cisco VPN Client show the below,

Cisco Systems VPN Client Version 5.0.05.0290
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600
7      10:08:25.162  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
8      10:08:26.176  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
9      10:08:27.190  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
10     10:08:28.204  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
11     10:08:29.218  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=10.4.9.189, error 0
12     10:08:30.232  03/08/11  Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
13     10:08:31.043  03/08/11  Sev=Warning/2 IKE/0xA3000067
Received an IPC message during invalid state (IKE_MAIN:512)

Any feedback would be great...
VPNCiscoInternet Protocol Security

Avatar of undefined
Last Comment
lanbase

8/22/2022 - Mon
V K

The problem might be with the IP pool assignment either through ASA, Radius server, DHCP server etc.
 Use the debug crypto command in order to verify that the netmask and IP addresses are correct. Also, verify that the pool does not include the network address and the broadcast address.
ASKER CERTIFIED SOLUTION
lanbase

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
lanbase

ASKER
Solution found after my own research and testing
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy