Solved: ASA timeout settings -- affecting tunnelled traffic?

MauryJ · ‎09-07-2007

Hello all,

We have one user who routinely connects to our network via VPN over wireless (with the VPN terminating on the DMZ interface of the ASA). Connections to LAN resources work fine, however, if she leaves a telnet session idle for about 2 hours, the session drops -- but she does not lose her VPN session. I was wondering if the connection timeout setting in the ASA would affect this? It is set to 2 hours. I would have thought if that were the case, it would be killing the whole VPN connection. I did check the server thats being connected to, and it does not have any telnet/shell timeouts set.

Thanks for any insight

MJ

cpembleton · ‎09-08-2007

The VPN tunnel has it's own timeouts. Once the tunnel is built the ASA still keeps track of all connections just as it would for non-vpn traffic traversing the ASA.

So yes, the timeout for conn will affect the telnet connection and all TCP connections.

Thanks,

Chad

Please rate if this helps!

View solution in original post

cpembleton · ‎09-08-2007

The VPN tunnel has it's own timeouts. Once the tunnel is built the ASA still keeps track of all connections just as it would for non-vpn traffic traversing the ASA.

So yes, the timeout for conn will affect the telnet connection and all TCP connections.

Thanks,

Chad

Please rate if this helps!

MauryJ · ‎09-08-2007

Thanks Chad! I'll change the timeouts on Monday and will let you know if it fixes it.

M