• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1203
  • Last Modified:

Cisco anyconnect vpn protocol timeouts

We have a Cisco ASA configure with Anyconnect clients connecting over ssl.

This is all working great, clients can connect and stay connected for days.

The problem we are having is that TCP sessions have an overly aggressive timeout configured.
If I log into a unix server over the vpn session using ssh, the session works fine as long as I am not idle.  If I idle the session, the ASA tears the tcp session down in around 7 minutes.  
If I have any other client/server package running that allows the session to idle for between 5 and 7 minutes, the session will die.

I assume that the ASA is tearing down TCP sessions when they time out due to excessive idle time.

I need to be able to turn this idle timer up to a much longer perion.

What configuration lines control this behavior?
1 Solution
Kamran ArshadIT AssociateCommented:
georgew3Author Commented:
I found the solution.

This is the command line:

timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now