KB40496 - Internet Key Exchange (IKEv2) connection drops after 180 seconds when using LDAP as a Directory/Attribute server in the realm

This article describes an issue when all IKEv2 tunnels drop after 180 seconds on the Pulse Connect Secure appliance when using LDAP as a directory/attribute server in the realm configuration.

When configuring LDAP as a user directory/attribute on the realm for an IKEv2 connection, all active IKEv2 tunnels will be disconnected after 180 seconds from initial login. Although the IKEv2 tunnel is dropped on the PCS side, user sessions will remain active.

The following PCS releases are affected by this issue: 

• 8.0R7+
• 8.1R1+
• 8.2R1+

This issue occurs due to a code change in 8.0R7, 8.1R1, and 8.2R1. For the following issue to occur, all conditions should be met:

• Users are connecting using IKEv2
• LDAP Authorization is selected under User Directory/Attribute for the realm that the IKEv2 connection are being made for

This issue is resolved in the following releases, 8.1R12 and 8.2R8 and up.

Workaround

If an upgrade is not possible, use one of the following options below:

• Migrate users from using IKEv2 to Pulse Client
• Disable or remove LDAP from the User Directory/Attribute for the IKEv2 realm