raventechjeff
asked on
Cisco to Netgear IPsec VPN dropping when no activity
I have recently set up a gateway to gateway VPN between a client site and their medical billing service. They use a telnet client to access the billing server and basically leave it up and connected all day long. This wasn't an issue on the old Netgear to Netgear setup but with the Cisco to Netgear setup the telnet connection is dropping after some period of inactivity.
1. No changes have been made at the billing company's server.
2. No changes have been made at the billing company's router.
3. The Cisco ASA 5505 was implemented and the G2G VPN was set up by copying the settings from the old Netgear router.
4. No, we cannot simply switch back to the old Netgear router.
5. Is there any reason why a G2G VPN would disconnect due to some kind of stale key or inactivity?
Thanks in advance.
ASKER CERTIFIED SOLUTION
ASKER
Exactly the case. I am no good with the command line but found the setting in ASDM. I actually set it to 0 so it never times out. Resource usage is not an issue since the router is totally overpowered for its current usage. Love it though. So much better than the Watchguards I deal with. Thanks.
FYI I wouldn't recommend setting the timeout to 0. The ASA does have limited connection resources and over time those connections will all get used if it never times out any inactive connections. I would set it to something, anything, even 7 days, but not disable the timeout function altogether.
Use the "show connection all" command and it will show you how many connections are in use in the first line of the output.
ASKER
Ok. Good idea. So I checked it out and there are only 4 connections at the current time and it's been what? Two days?
This is the result I got from the command you suggested:
ciscoasa# show conn all
4 in use, 126 most used
It appears that the VPN has been connected for over two days now which is what I was hoping to accomplish. So, thanks for the helpful advice and I will keep an eye on it over the next week to see if it gets crazy.
group-policy DfltGrpPolicy attributes
vpn-idle-timeout none
That should get rid of the timeout.