remote access vpn disconnects after 1 hr

Unanswered Question
Jun 25th, 2008
User Badges:

Hi,

we are using ASA 5505 remote access vpn is configured my clients say their vpn gets diconnects after 1 hr when they are using doing some work not idle what is the wrong in configuration & please find my firewall configuration



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Wed, 06/25/2008 - 11:37
User Badges:
  • Green, 3000 points or more

Sometimes creating new tunnel groups aside from default tunnel group, the new tunnel inherit settings from the default tunnel group. This means you have to for each tunnel group that you create to not inherit some of the default settings but rather specify new setting for that new tunnel.



Try setting idle timeout and/or session timeout to none or increase the minutes values to much greater numbers than one hour on the tunnel group you have problem with that user disconnects when vpn idle.


group-policy attributes

vpn-idle-timeout none

vpn-session-timeout none


Here is some info for each command


http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/uz_711.html#wp1331977



See if that helps


-Rgds

Jorge


gandhi.ganesh Wed, 06/25/2008 - 20:08
User Badges:

Jorge,

even i suspected this is causing the problem, but this will come in picture when iam idle on tunnel but my client say when they are doing some work


Any how i will try this let u know

JORGE RODRIGUEZ Thu, 06/26/2008 - 06:40
User Badges:
  • Green, 3000 points or more

Does it happens on just one client or many, if one client it could be problems on their end.. have you looked at your firewall physical interfaces to see if it is droping packets and your internet router interfaces as well to rule out physical issues.



gandhi.ganesh Thu, 06/26/2008 - 20:48
User Badges:

Jorge,

actually as of now only one user has complained i changed the session & idle to settings to none we have asked them to check

gandhi.ganesh Sun, 06/29/2008 - 20:17
User Badges:

Hi Dharmesh,

I have changed the Session & Idle timeout to none we have asked the user to check it out if still the problem exits means i will try using above commands


Rgds

Ganesh

gandhi.ganesh Sun, 07/06/2008 - 22:20
User Badges:

Hi,

my fw config is below

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute


this issue is happeneing atleast 4 times a day

Actions

This Discussion