Global Protect client disconnects every 5 minutes for 1 minute

cancel
Showing results for 
Search instead for 
Did you mean: 

Global Protect client disconnects every 5 minutes for 1 minute

L2 Linker

GP client disconnects from VPN every 5 minutes for  about 60 seconds.

During the disconnection the is no connectivity to internal resources (Chenking pings for example). Internet connectivity is OK during the disconnection.

The issue is related to internet connection (User / Laptop works fine on another location.)

After 60 seconds the client detects the disconnection and reconnects without entering the user / pass again

This is what I see in debug log:

T6940) 03/12/17 11:41:51:743 Info ( 708): Too many outstanding keepalive, timeout
(T6940) 03/12/17 11:41:51:743 Info ( 413): VPN timeout -1, get out of ProcMonitor
(T6940) 03/12/17 11:41:51:744 Debug( 218): Disconnect udp socket
(T6940) 03/12/17 11:41:51:744 Debug( 314): unset network
(T6940) 03/12/17 11:41:51:744 Debug(2065): Unset 36 routes

(T6940) 03/12/17 11:41:51:750 Debug( 722): no flushdns key set
(T6940) 03/12/17 11:41:51:750 Debug(3852): DLSA, savedMetric1Routes not present, do not need to restore
(T6940) 03/12/17 11:41:51:750 Debug(3340): DLSA, RestoreProxySetting now
(T6940) 03/12/17 11:41:51:750 Debug(3357): ProxyDisabledByMe is false or not present, leave RestoreProxySetting now
(T6940) 03/12/17 11:41:51:765 Debug( 620): PreviousDNSInfo not exit, do not need to restore, ret=00000002
(T6940) 03/12/17 11:41:51:765 Debug( 486): remove dns setting failed with ret = 00000002
(T6940) 03/12/17 11:41:51:819 Debug(1834): UnsetDNSSuffixSearchOrder returns 0
(T6940) 03/12/17 11:41:51:839 Debug(1839): UnsetDNSServerSearchOrder returns 0
(T6940) 03/12/17 11:41:51:853 Debug(1841): UnsetWINSServer returns 68
(T6940) 03/12/17 11:41:51:854 Debug( 160): Trying to do ipsec connection to 62.219.50.56[4501]
(T6940) 03/12/17 11:41:51:854 Info ( 172): Connected to: 62.x.x.x[4501], Sending keep alive to ipsec socket...
(T6940) 03/12/17 11:41:51:868 Info ( 204): Connected ipsec to 62.x.x.x(4501)
(T6940) 03/12/17 11:41:51:868 Info ( 248): tunnel to 62.x.x.x connected
(T6940) 03/12/17 11:41:51:893 Debug( 266): PsvRegister done
(T6940) 03/12/17 11:41:51:893 Debug( 435): Retry start succeeded

 

Any ideas?

 

1 ACCEPTED SOLUTION

Accepted Solutions

L2 Linker

I found the issue. (Strange but working)

A specific VDSL router model Netgear VEGN2610 was the issue. 

Also the issue occured only when connected to a specific ISP (www.bezeqint.net/english).

I had the issue in 4 different users / locations

Once I replaced the router, the issue was resolved.

View solution in original post

3 REPLIES 3

L4 Transporter
Hi ET,

Will need more data to investigate and troubleshoot this. Suggest you open up a case with TAC.

Regards,
Anurag
================================================================
ACE 7.0, 8.0, PCNSE 7

L2 Linker

I found the issue. (Strange but working)

A specific VDSL router model Netgear VEGN2610 was the issue. 

Also the issue occured only when connected to a specific ISP (www.bezeqint.net/english).

I had the issue in 4 different users / locations

Once I replaced the router, the issue was resolved.

I have a similar problem, for me I can stay connected as long as 14 minutes. I've done a packet capture and I see that keep alive packet responses stop for 50 seconds and terminates the tunnel. In my case any retry fails and claim invalid user. I also ran a continuous ping to the gateway on one capture session and could see that the ping was succeeding when the GP gw responses stopped. I don't understand why the gw would respond for each keep alive for up to 14 minutes and then stop. So I'm running this on a Windows 10 VM under VMware Fusion on a Mac and the Mac is connected to a Eero mesh router. Any help you could add would be helpful. I'm trying to contact our help desk, but not having much luck there. Note GP running on my Mac doesn't seem to have any problem.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!