Cisco anyconnect vpn protocol timeouts
Posted on 2009-07-14
We have a Cisco ASA configured with AnyConnect clients connecting over SSL.
This is all working great; clients can connect and stay connected for days.
The problem we are having is that TCP sessions have an overly aggressive timeout configured.
If I log into a Unix server over the VPN session using SSH, the session works fine as long as I am not idle. If I idle the session, the ASA tears the TCP session down in around 7 minutes.
If I have any other client/server package running that allows the session to idle for between 5 and 7 minutes, the session will die.
I assume that the ASA is tearing down TCP sessions when they time out due to excessive idle time.
I need to be able to turn this idle timer up to a much longer period.
What configuration lines control this behavior?