Remote VPN client session disconnects after being idle for 5 minutes

mahlory_2002
Level 1

I have a problem with my remote VPN client setup: every time I am idle for 5 minutes, my remote VPN connection is disconnected. But the PIX firewall is configured to use the default idle timeout, which is 30 minutes.

I'm using the following software for this setup:

Client: Cisco VPN client ver 4.8.02

Server: PIX 515E, ver 8.0(2)

The following are the global timeout settings on the firewall:

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

Any suggestions?

Thanks,

Mahlory

7 Replies

shmathur
Level 1

These global timeout settings are not relevant for VPN timeouts.

On the group policy in question, please add the following statement:

group-policy attributes

vpn-idle-timeout none

HTH

The firewall is configured to use the default timeout which is 30 minutes.

See attached screen shot.

Thanks,

Mahlory

jblackorby
Level 1

Check the group-policy specific timeout:

group-policy clientgroup attributes

vpn-idle-timeout 20

Hi,

I tried to set the group-policy specific timeout as below:

group-policy DfltGrpPolicy attributes

vpn-idle-timeout 50

Still, my VPN session times out after being idle for 5 minutes.

Thanks,

Mahlory

I noticed that if I set the timeout to less than 5 minutes, the timeout setting works, but if the timeout is more than 5 minutes, i.e. 10, 20, 30, 60 mins, the VPN session still disconnects after 5 minutes.

From my VPN client logs I can see that the VPN gateway sends a RST to close the connection after 5 minutes idle.

Is this a bug, or are there some other settings in the firewall that I need to check?

Regards,

Mahlory

I had the same issue.

Documentation says to edit Group policy.

As you are aware, it does not change the behavior.

I found a solution using the ASDM.

Go to Configuration, VPN, General.

Edit the Tunnel Group, select the IPSec tab, and change the ISAKMP Keepalive.

I changed the Monitor keepalives, Confidence Interval to 1800 (seconds), and kept the retry at 2.

Apply and Save changes.

Test your VPN client.

Mine stayed connected for 29 min and change before disconnect.

Hope this helps.

Mahlory,

Did you get this issue resolved?

Craig
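
Added example, not part of any reply in the thread and not Cisco code: a Python script that reads a running-config excerpt and reports, per tunnel group, the group policy in effect, its vpn-idle-timeout (own or inherited from DfltGrpPolicy) and the ISAKMP keepalive threshold, the two settings the replies point at. The config excerpt and the names remotevpn, staffvpn and ravpn-policy are constructed; the 30-minute fallback is the default stated in the first post.

```python
import re

# Constructed running-config excerpt (not from the thread); tunnel-group and policy names are hypothetical.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout 50
group-policy ravpn-policy attributes
 vpn-idle-timeout none
tunnel-group remotevpn general-attributes
 default-group-policy ravpn-policy
tunnel-group remotevpn ipsec-attributes
 isakmp keepalive threshold 300 retry 2
tunnel-group staffvpn ipsec-attributes
 isakmp keepalive threshold 1800 retry 2
"""

DEFAULT_POLICY = "DfltGrpPolicy"
DEFAULT_IDLE_MIN = 30  # assumption: default idle timeout as stated in the first post
HEADER = re.compile(r"(group-policy|tunnel-group) (\S+) (?:\S+-)?attributes$")

def parse(config):
    """Collect vpn-idle-timeout per group policy and settings per tunnel group."""
    policies, tunnels, section = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):  # a top-level line opens or closes a section
            m = HEADER.match(line)
            section = m.groups() if m else None
            if m and m.group(1) == "tunnel-group":
                tunnels.setdefault(m.group(2), {})
        elif section and words:
            kind, name = section
            if kind == "group-policy" and words[0] == "vpn-idle-timeout":
                policies[name] = None if words[1] == "none" else int(words[1])
            elif kind == "tunnel-group" and words[0] == "default-group-policy":
                tunnels[name]["policy"] = words[1]
            elif kind == "tunnel-group" and words[:3] == ["isakmp", "keepalive", "threshold"]:
                tunnels[name]["keepalive_s"] = int(words[3])
    return policies, tunnels

def effective_timers(config):
    """Per tunnel group: policy in effect, idle timeout (min), keepalive threshold (s)."""
    policies, tunnels = parse(config)
    report = {}
    for name, t in tunnels.items():
        policy = t.get("policy", DEFAULT_POLICY)
        # A policy without its own vpn-idle-timeout inherits from DfltGrpPolicy.
        idle = policies[policy] if policy in policies else policies.get(DEFAULT_POLICY, DEFAULT_IDLE_MIN)
        report[name] = {"policy": policy, "idle_min": idle, "keepalive_s": t.get("keepalive_s")}
    return report
```

An idle_min of None means the policy sets vpn-idle-timeout none; a keepalive_s of None means no keepalive threshold line was found for that tunnel group.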
