Solved

Cisco anyconnect vpn protocol timeouts

Posted on 2009-07-14
2
1,176 Views
Last Modified: 2012-06-21
We have a Cisco ASA configure with Anyconnect clients connecting over ssl.

This is all working great, clients can connect and stay connected for days.

The problem we are having is that TCP sessions have an overly aggressive timeout configured.
If I log into a unix server over the vpn session using ssh, the session works fine as long as I am not idle.  If I idle the session, the ASA tears the tcp session down in around 7 minutes.  
If I have any other client/server package running that allows the session to idle for between 5 and 7 minutes, the session will die.

I assume that the ASA is tearing down TCP sessions when they time out due to excessive idle time.

I need to be able to turn this idle timer up to a much longer perion.

What configuration lines control this behavior?
0
Comment
Question by:georgew3
2 Comments
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24857650
0
 

Accepted Solution

by:
georgew3 earned 0 total points
ID: 24947253
I found the solution.

This is the command line:

timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Site to Site VPN - Cisco ASA - Multiple Subnets at Main Location 6 90
VPN Client  - Windows 10 11 288
Macbook Sierra OS OpenVPN issue 13 85
Sync Azure AD to a local AD Server 4 116
Do you have an old router lying around the house that you don’t know what to do with? Check the make and model, then refer to either of these links to see if its compatible. http://www.dd-wrt.com/site/support/router-database http://www.dd-wrt.c…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question