ASA timeout settings -- affecting tunnelled traffic?

Answered Question
Sep 7th, 2007

Hello all,

We have one user who routinely connects to our network via VPN over wireless (with the VPN terminating on the DMZ interface of the ASA). Connections to LAN resources work fine; however, if she leaves a telnet session idle for about 2 hours, the session drops -- but she does not lose her VPN session. I was wondering if the connection timeout setting in the ASA would affect this? It is set to 2 hours. I would have thought if that were the case, it would be killing the whole VPN connection. I did check the server that's being connected to, and it does not have any telnet/shell timeouts set.

Thanks for any insight

MJ

Correct Answer
cpembleton Sat, 09/08/2007 - 13:48

The VPN tunnel has its own timeouts. Once the tunnel is built the ASA still keeps track of all connections just as it would for non-VPN traffic traversing the ASA.

So yes, the timeout for conn will affect the telnet connection and all TCP connections.

Thanks,

Chad

Please rate if this helps!
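
The fix discussed in this thread is the global `timeout conn` value, which applies to every idle TCP connection the ASA tracks. The configuration below is an added example, not taken from the thread: it assumes ASA 8.2 or later syntax (earlier releases use `tcp` in place of `idle`), a hypothetical class name `TELNET-IDLE`, the default `global_policy` policy map, and a constructed 4-hour value. It lengthens the idle timer for telnet only, so that other stale connections are still cleared on the shorter global timer.

```cisco
! Inspect the current global timers first:
!   show running-config timeout
!
! Global idle timer for all TCP connections.
! 2:00:00 is the value the original poster reports.
timeout conn 2:00:00
!
! Match only telnet traffic (hypothetical class name).
class-map TELNET-IDLE
 match port tcp eq telnet
!
! Attach a longer idle timer to that class only.
! The 4:00:00 value is a constructed example.
policy-map global_policy
 class TELNET-IDLE
  set connection timeout idle 4:00:00
!
! global_policy is applied globally by default; if it is not:
service-policy global_policy global
```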

mauricej74 Sat, 09/08/2007 - 16:15

Thanks Chad! I'll change the timeouts on Monday and will let you know if it fixes it.

M
