Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco anyconnect vpn protocol timeouts

Posted on 2009-07-14
2
Medium Priority
?
1,190 Views
Last Modified: 2012-06-21
We have a Cisco ASA configure with Anyconnect clients connecting over ssl.

This is all working great, clients can connect and stay connected for days.

The problem we are having is that TCP sessions have an overly aggressive timeout configured.
If I log into a unix server over the vpn session using ssh, the session works fine as long as I am not idle.  If I idle the session, the ASA tears the tcp session down in around 7 minutes.  
If I have any other client/server package running that allows the session to idle for between 5 and 7 minutes, the session will die.

I assume that the ASA is tearing down TCP sessions when they time out due to excessive idle time.

I need to be able to turn this idle timer up to a much longer perion.

What configuration lines control this behavior?
0
Comment
Question by:georgew3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24857650
0
 

Accepted Solution

by:
georgew3 earned 0 total points
ID: 24947253
I found the solution.

This is the command line:

timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question