georgew3
asked on
Cisco anyconnect vpn protocol timeouts
We have a Cisco ASA configured with AnyConnect clients connecting over SSL.
This is all working great, clients can connect and stay connected for days.
The problem we are having is that TCP sessions have an overly aggressive timeout configured.
If I log into a unix server over the vpn session using ssh, the session works fine as long as I am not idle. If I idle the session, the ASA tears the tcp session down in around 7 minutes.
If I have any other client/server package running that allows the session to idle for between 5 and 7 minutes, the session will die.
I assume that the ASA is tearing down TCP sessions when they time out due to excessive idle time.
I need to be able to turn this idle timer up to a much longer period.
What configuration lines control this behavior?
Please read the discussion below:
http://www.velocityreviews.com/forums/t372195-asa-72-dead-connection-detection-dcd.html