Site-to-Site VPN and Telnet connections

Unanswered Question
Sep 12th, 2007

Hi All,

I've got a site to site connection using an ASA5505 (7.2(2)) connecting to our office. Between these offices, we have terminal servers that connect to each other. The ASA seems to be tearing down the telnet connections and the users wind up having to reset the telnet connections. I've already tried changing the TCP connection timeout to 00:00:00 but it's still tearing down the connection. I've also enabled keepalives on the terminal servers but still the disconnects occur. Is there any other setting that's causing this? Is there anything I can change in the ASA to stop it from tearing down connections from a specific IP address?

Thanks

Victor

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mattiaseriksson Wed, 09/12/2007 - 11:03

You probably need to check the 'timeout xlate' as well. It is not a good idea to raise it too high though, as the ASA may run out of resources. Some kind of application level keepalive is a better option.

vpoon87 Wed, 09/12/2007 - 12:42

Thanks for the reply

I just looked at the keepalive settings on the terminal server and I set it to send a keepalive message every 1 minute. I put the ASA in debug mode but I don't see anything coming from the terminal server. Should I see something come through the debug logs?

mattiaseriksson Wed, 09/12/2007 - 13:10

You can use the capture command to see if anything is going through.

access-list capture_test permit tcp any host 192.168.1.1

capture inside_capture access-list capture_test interface inside

show capture inside_capture

Actions

This Discussion