cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
489
Views
0
Helpful
8
Replies

remote access vpn disconnects after 1 hr

gandhi.ganesh
Level 1
Level 1

Hi,

we are using ASA 5505 remote access vpn is configured my clients say their vpn gets diconnects after 1 hr when they are using doing some work not idle what is the wrong in configuration & please find my firewall configuration

8 Replies 8

JORGE RODRIGUEZ
Level 10
Level 10

Sometimes creating new tunnel groups aside from default tunnel group, the new tunnel inherit settings from the default tunnel group. This means you have to for each tunnel group that you create to not inherit some of the default settings but rather specify new setting for that new tunnel.

Try setting idle timeout and/or session timeout to none or increase the minutes values to much greater numbers than one hour on the tunnel group you have problem with that user disconnects when vpn idle.

group-policy attributes

vpn-idle-timeout none

vpn-session-timeout none

Here is some info for each command

http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/uz_711.html#wp1331977

See if that helps

-Rgds

Jorge

Jorge Rodriguez

Jorge,

even i suspected this is causing the problem, but this will come in picture when iam idle on tunnel but my client say when they are doing some work

Any how i will try this let u know

Does it happens on just one client or many, if one client it could be problems on their end.. have you looked at your firewall physical interfaces to see if it is droping packets and your internet router interfaces as well to rule out physical issues.

Jorge Rodriguez

Jorge,

actually as of now only one user has complained i changed the session & idle to settings to none we have asked them to check

purohit_810
Level 5
Level 5

Can you try to change this commands's timer? Let us see?

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

See command referance:

http://www.cisco.com/en/US/docs/security/pix/pix51/configuration/guide/commands.html#wp1026117

it is also closes TCP sessions.

Thanks,

Dharmesh Purohit

Hi Dharmesh,

I have changed the Session & Idle timeout to none we have asked the user to check it out if still the problem exits means i will try using above commands

Rgds

Ganesh

Hi,

my fw config is below

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

this issue is happeneing atleast 4 times a day

i have attached error message the error message

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: