On our SA-6500 gateways, many of our users are complaining about sporadic disconnects when using the Windows and Mac NC client; our environment is composed of Win XP and Snow Leopard. The users' NC tunnels do not show an error message when the tunnel disconnect happens; the NC client just states reconnecting and then after a minute or two the NC client reconnects. We have 1Gb/s Internet links (utilization is currently at 140Mb/s), no network errors on the SA-6500s' or switches' interfaces, the max session on the user role is set to 8000 and the idle time is set to 7000, we have roaming turned on and we have the session counters disabled (JTAC Tier 2 states enabling session counters on a role is a problem in 6.5Rx code). I have a ticket in for this issue, but tier 2 support is scratching their head over this. I have also upgraded our SA-6000 test units to 6.5R2 and 6.5R3.1, but I, along with other users, still see the same problem. I was wondering if anyone else has run across this problem and might know how to fix it. Thank you.
What is the idle setting for the Configuration --> NCP?
We are observing the same issue in our infrastructure as well. Would be great if JTAC finds a quick fix.
...we have the same problem. The NC disconnects after (about) 51 seconds. The users are getting no error messages and in the Juniper log we also can't find any hint for this problem (only the message: Closed connection to TUN-VPN port 443 after 51 seconds, with 196 bytes read (in 1 chunks) and 2318 bytes written (in 23 chunks)). But some users can work in this role. Now we use the version 6.5R3.1. With 6.4R2 we don't have this problem. Does anyone have a fix for this problem?
Thank you,
br Thomas
We're having a disconnect issue as well, but we are currently in an Active/Active deployment with load balancing in front of SA6500s. We're on 6.5r3.1, and are using Radware load balancers to NAT traffic into our network. So this may or may not be related.
We see disconnections after one minute when using ESP, pure SSL is fine. Network Traces show a FIN-ACK being sent from the client address to the IVE, and the session will disconnect and fail to reconnect.
Are you doing split tunneling? We had the same issue(s) and it was related to no split tunneling.
The first user stated he thinks there's a problem with Session Counter enabled but is waiting for TAC to update him.
I am trying to find out from the Support Account Manager what kind of problem this could cause. Could it cause the NC to disconnect? I have Session Counter enabled. Maybe I need to turn it off. Some of my users disconnect after a few minutes with similar syslog messages to the ones the other person added.
Juniper employees: Could you guys find out about the Session Counter potential problem? What are the problems?
Do you guys also see a message "System Process detect a Host Checker time out on host xx.x.x..x for user "xyz""?
This message is before the Close connection message.
We finally got our issue resolved. We had tweaked our NCP for the 6.1 code. JTAC tier two stated that engineering recommended using NCP at 120 minutes for the idle timeout and setting the IKE lifetime in the NC Connection Profile to 110 minutes. Since doing this we no longer have disconnects.
...thank you for the hint with no split tunneling, we changed the role settings from "disable split tunneling" to "allow access to local subnet" and now it seems to work for all our users without disconnects.
Thanks, Thomas