we've got one pc in our network that keeps disconnecting from the vpn after one hour.
Everytime when that laptop is connected through vpn after 1 hour the laptop gets disconnected.
We've uninstalled the bonjour service that came with CS3 and checked the whole machine on virusses and spyware.
This laptop is now completly clean but we still have the same issue.
We're all out of idea's now so i was wondering if someone here has some idea's or a solution.
thx in advance
1) Does this mean that other computers on the same network connecting to the SSL-VPN device do not face this issues?
2) When you say disconnect is it SSL-VPN user session / network connect / SAM session?
3) Do you get any pop-up warning before / after the disconnect?
Yes, other pc's can connect whitout a problem. For example we had 2 collegue's in the same hotel in china, one could connect whitout the issue and the other always got disconnected after 1 hour.
I think it's network connect that is disconnecting but the user who has these problems will take a screenshot of it, so i will attach the screenshot here when i receive it.
One suggestion I would make would be to do a packet capture from the SA box. If the disconnect is that precise it would not be to hard to set it up so you are capturing a minmal amount of the data and can then potentially drill in and see the issue.
As promised, i've asked the person who has the problem to take a screenshot.
So in attachment the screenshot. This person has it every time he connects through vpn.
@kevin: I'll try to do a data capture and see what i can do and if i can find a cause through that.
Does the user access log show anything regarding timeout when a user experiences the failure?
Do any of your roles have a 60 minute idle or max session timeout?
Look at the values under the role as stated above.... ensure that "session options" is ticked in the role, then go to the session options tab, and ensure that the max and idle timouts are greater than one hour.
If this is network connect related, also go to Configuration > NCP, and check the idle timeout there, this should be greater than or equal to the role's maximum timeout.
are you doing split tunneling? If not, check to see the dhcp lease on the adapter. we have issues where the client will drop the tunnel when the dhcp lease is up and needs to be renewed.
We've started to see something similar but this is due to the Cache Cleaner being enabled. Our timeouts are set to 2 hours but the maximum time on the Cache Cleaner is 60 minutes. So the idle time of the Cache Cleaner hits before the NC timeout. I've asked around if this configuration is correct or how to change it, but no one has responded.
That should work; how do you have Cache Cleaner configured (e.g. default, added extra locations to delete)?
With that said, however, there have been some instances in which Cache Cleaner would remove the IVE session cookie or cause an issue with the cookie in other scenarios; in either case, the session is terminated (there is an item that affects the cookie in 6.4R1, which it looks like you are using right now).
Would it be possible to attach a copy of your debuglog.log (with Cache Cleaner events set to record at System>Log/Monitoring>Client Logs>Settings) or send it to me via direct note so we can try to confirm? If you are not comfortable with either of those, can you check the log for the string "dspreath= truncated"?