Site-to-Site VPN and Telnet connections

Unanswered Question
Sep 12th, 2007
User Badges:

Hi All,

I've got a site to site connection using an ASA5505 (7.2(2)) connecting to our office. Between these offices, we have terminal servers that connect to each other. The ASA seems to be tearing down the telnet connections and the users wind up having to reset the telnet connections. I've already tried changing the TCP connection timeout to 00:00:00 but it's still tearing down the connection. I've also enabled keepalives on the terminal servers but still the disconnects occur. Is there any other setting that's causing this? Is there anything I can change in the ASA to stop it from tearing down connections from a specific IP address?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mattiaseriksson Wed, 09/12/2007 - 11:03
User Badges:
  • Bronze, 100 points or more

You probably need to check the 'timeout xlate' as well. It is not a good idea to raise it too high though, as the ASA may run out of resources. Some kind of application level keepalive is a better option.

vpoon87 Wed, 09/12/2007 - 12:42
User Badges:

Thanks for the reply

I just looked at the keepalive settings on the terminal server and I set it to send a keepalive message every 1 minute. I put the ASA in debug mode but I don't see anything coming from the terminal server. Should I see something come through the debug logs?

mattiaseriksson Wed, 09/12/2007 - 13:10
User Badges:
  • Bronze, 100 points or more

You can use the capture command to see if anything is going through.

access-list capture_test permit tcp any host

capture inside_capture access-list capture_test interface inside

show capture inside_capture


This Discussion