cancel
Showing results for 
Search instead for 
Did you mean: 

Frequent disconnects with NC and IVE 6.5R1

Highlighted
Contributor

Frequent disconnects with NC and IVE 6.5R1

Hi,

We had to upgrade the IVE to 6.5R1 to support Snow Leopard users and now are seeing frequent NC disconnects (every 20-26 minutes) with many Windows NC users. Is anyone else seeing this?

I am NOT seeing any host-checker timeouts or other errors on the IVE logs, just that the connection closes:

Info JAV20023 2009-10-27 10:11:16 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Closed connection to TUN-VPN port 443 after 1230 seconds, with 333643 bytes read (in 1024 chunks) and 373740 bytes written (in 1153 chunks)
Info JAV20021 2009-10-27 10:11:16 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Connected to TUN-VPN port 443
Info NWC23464 2009-10-27 10:11:16 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Network Connect: Session started for user with IP aa.bb.cc.112, hostname Lastname-pc
Info NWC24328 2009-10-27 09:52:22 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Transport mode failed over to SSL for user with NCIP aa.bb.cc.112
Info NWC23508 2009-10-27 09:51:52 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Key Exchange number 1 occured for user with NCIP aa.bb.cc.112
Info JAV20021 2009-10-27 09:50:45 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Connected to TUN-VPN port 443
Info NWC23464 2009-10-27 09:50:45 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Network Connect: Session started for user with IP aa.bb.cc.112, hostname Lastname-pc
Info NWC23465 2009-10-27 09:50:06 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Network Connect: Session ended for user with IP aa.bb.cc.112
Info JAV20023 2009-10-27 09:50:06 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Closed connection to TUN-VPN port 443 after 740 seconds, with 425730 bytes read (in 991 chunks) and 322507 bytes written (in 1077 chunks)
Info NWC24328 2009-10-27 09:39:21 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Transport mode failed over to SSL for user with NCIP aa.bb.cc.112
Info NWC23508 2009-10-27 09:38:51 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Key Exchange number 1 occured for user with NCIP aa.bb.cc.112
Info JAV20021 2009-10-27 09:37:46 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Connected to TUN-VPN port 443
Info NWC23464 2009-10-27 09:37:46 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Network Connect: Session started for user with IP aa.bb.cc.112, hostname Lastname-pc

Thoughts?

9 REPLIES 9
Highlighted
Contributor

Re: Frequent disconnects with NC and IVE 6.5R1

According to your logs, the client is using JSAM and Network Connect simultaneously. Looks like the JSAM connection closes in this entry:

Info JAV20023 2009-10-27 10:11:16 - ive - [xx.yy.zz.53] First.Lastname(Passwords Only)[Corporate Laptop, Shared Drives, Users] - Closed connection to TUN-VPN port 443 after 1230

Highlighted
Contributor

Re: Frequent disconnects with NC and IVE 6.5R1

Thanks - looks right to me. Can you tell me how this may have suddenly been enabled? I have been through the config and saw one instance of JSAM set (but no SAM sessions enabled for the role anyway...) so we'll see if that changes anything.

How can I be sure to disable JSAM in these (or all - we don't use it) circumstances?

Thanks,

Highlighted
Contributor

Re: Frequent disconnects with NC and IVE 6.5R1

Go to the User Roles page. You should see a list of all your roles. On the right-hand side you'll see columns of enabled setting. If you not using SAM at all, make sure you don't see any check marks in that column. Another place to look is the JSAM Autolaunch Policies: Resource Policies --> Web --> Launch JSAM. Make sure you don't have any autolaunch policies.

If you clear those and still have the problem, you'll probably need to open a case with JTAC.

Highlighted
Contributor

Re: Frequent disconnects with NC and IVE 6.5R1

I cleared any and all SAM references, AND rebooted (which I almost never do) - problem persists. (Crappy IVE software QA...) I will open a JTAC.

Highlighted
Super Contributor

Re: Frequent disconnects with NC and IVE 6.5R1

While the TUN-VPN message looks just like a JSAM message, this is in fact the message showing a close of Network Connect.

I think there is something in the sequence -

  • Key exchange 1
  • Transport mode fails over to SSL VPN 30 seconds later

I'm not sure this is related to the problem, but it curious that it is happening. If you can understand why that is happening, it might give you a clue as to why the disconnect is happening.

Is the connection between the PC and the SA proxied? What are the proxy settings in the role? What are the proxy settings in the client before it connects? Have you looked at debuglog.log (I know it is usually extremely obscure, but you might get lucky if you check for messages around the time it disconnected).

Ken

Highlighted
Contributor

Re: Frequent disconnects with NC and IVE 6.5R1


@kenlars wrote:

Is the connection between the PC and the SA proxied? What are the proxy settings in the role? What are the proxy settings in the client before it connects? Have you looked at debuglog.log (I know it is usually extremely obscure, but you might get lucky if you check for messages around the time it disconnected).

Ken


The connection between the PC and the SA is not proxied.

I will go through the debuglog.log, thanks for that tip.

Highlighted
Super Contributor

Re: Frequent disconnects with NC and IVE 6.5R1

Something is causing the ESP traffic to no longer be able to get from the client to the SA. That is very curious. A packet trace from the PC might be interesting as well.

Ken

Highlighted
Not applicable

Re: Frequent disconnects with NC and IVE 6.5R1

Hey Ken,

I have noticed the same thing. I went to Network Connection Profile of each role and changed from ESP to oNCP. While that aleast does let drops, I have noticed that when connected to SSL VPN their connections to local subnets are slower. Some people are complaining that their RDP session freezes every so often. I am starting to think its the code 6.5R1.

Regards,

Birju

Highlighted
Not applicable

Re: Frequent disconnects with NC and IVE 6.5R1

Hello Ken,

I have the same problem for two users on an SSL-VPN 6.2R2-1.

Does the packet capture has to be taken on the NC-interface or must it be on the network-card?