06-25-2008 01:14 AM - edited 02-21-2020 03:47 PM
Hi,
we are using ASA 5505 remote access vpn is configured my clients say their vpn gets diconnects after 1 hr when they are using doing some work not idle what is the wrong in configuration & please find my firewall configuration
06-25-2008 11:37 AM
Sometimes creating new tunnel groups aside from default tunnel group, the new tunnel inherit settings from the default tunnel group. This means you have to for each tunnel group that you create to not inherit some of the default settings but rather specify new setting for that new tunnel.
Try setting idle timeout and/or session timeout to none or increase the minutes values to much greater numbers than one hour on the tunnel group you have problem with that user disconnects when vpn idle.
group-policy
vpn-idle-timeout none
vpn-session-timeout none
Here is some info for each command
http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/uz_711.html#wp1331977
See if that helps
-Rgds
Jorge
06-25-2008 08:08 PM
Jorge,
even i suspected this is causing the problem, but this will come in picture when iam idle on tunnel but my client say when they are doing some work
Any how i will try this let u know
06-26-2008 06:40 AM
Does it happens on just one client or many, if one client it could be problems on their end.. have you looked at your firewall physical interfaces to see if it is droping packets and your internet router interfaces as well to rule out physical issues.
06-26-2008 08:48 PM
Jorge,
actually as of now only one user has complained i changed the session & idle to settings to none we have asked them to check
06-27-2008 07:34 PM
Can you try to change this commands's timer? Let us see?
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
See command referance:
http://www.cisco.com/en/US/docs/security/pix/pix51/configuration/guide/commands.html#wp1026117
it is also closes TCP sessions.
Thanks,
Dharmesh Purohit
06-29-2008 08:17 PM
Hi Dharmesh,
I have changed the Session & Idle timeout to none we have asked the user to check it out if still the problem exits means i will try using above commands
Rgds
Ganesh
07-06-2008 10:20 PM
Hi,
my fw config is below
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
this issue is happeneing atleast 4 times a day
07-07-2008 03:50 AM
i have attached error message the error message
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide