Cisco Systems VPN Adapter

Reply
L1 Bithead

Re: Cisco Systems VPN Adapter

wscmtts,

I have PANOS 4.1.2 and this is not the same problem. I configured Gateway with IPSec and X_Auth support. As client I use CISCO VPN client 5 which support only IPSec VPN connections. When I open "More Users Info" window to see active connection a have a LIfetime of connection set to 3660 sec. When I configured gateway I set login lifetime parameter to 24 hours. I also get an System log message that IPSec key has expired. I just do not know where I can change this parameter.

L4 Transporter

Re: Cisco Systems VPN Adapter

Hello lancom,

Did you find a solution to the lifetime timer (3660 sec).

I run into the same issue...

Regards,

Hedi

Highlighted
L1 Bithead

Re: Cisco Systems VPN Adapter

Hi,

I still have an open case on this matter. We find out that it is the same problem with iPad nativ client which is supported by Palo Alto.

So i'm waiting for a response from support team.

Not applicable

Re: Cisco Systems VPN Adapter

Hi Iancom,

If you hear back can you leave a post, as I am having the same issue!

Thanks

L0 Member

Re: Cisco Systems VPN Adapter

does your case close and get a workaroud?

could you please share a solution?

L0 Member

Re: Cisco Systems VPN Adapter

Bump. Same problem here, PA-2050, version 4.1.9. I have tried all the suggestions in the forum, but connections from Android and Linux devices timeout after about an hour.

In the logs, I see this:

IPSec key installed. Installed SA: 65.183.159.2[4500]-24.218.166.37[4500] SPI:0x8CB61A86/0x73498191 lifetime 3300 Sec lifesize unlimited

followed by (surprise, surprise!) about 3300 seconds later.  ;-)

    

IKE phase-1 SA is expired SA: 65.183.159.2[4500]-24.218.166.37[4500] cookie:ffe6e33d5c27a2f5:6253cd787672d842.

This is really a shame, because the connection works flawlessly, but in our environment timing out and having to manually reconnect isn't going to fly.

Not applicable

Re: Cisco Systems VPN Adapter

Hi,

I tried everything you mentioned and I can connect using iOS with no problem. For the life of me, I can't get the Cisco VPN client to even connect, no response from peer. The one confusing me is the security policy rule you mentioned. Would it be from untrust to untrust as far as the zones since the interface IP is in the untrust zone?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!