problems with applications over vpn ipsec site-to-site

Unanswered Question
Oct 31st, 2008
User Badges:

Hi all,

I have some problems with some applications as Xcics and Citrix when client and server are connected through a vpn site-to-site. Clients don't seem to have any problem to connect to the server, but after a period of time, they disconnect even if users are working. Session is not closed correctly on server and stay hung, so users can't connect if the administrator doesn't close the session on the server. Some vpns pass through a Pix515E, others pass through a fwsm and an ASA5510. Does anyone knows something about this issue?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Farrukh Haroon Tue, 11/04/2008 - 03:11
User Badges:
  • Red, 2250 points or more

Have you enabled isakmp keepalives?



gdspa Thu, 11/06/2008 - 06:59
User Badges:

Yes, and I have a software to monitor the connections which sends a ping every 1 minute. Disconnections happen when users are working, not after a period of inactivity.

ssandifer Fri, 11/07/2008 - 06:12
User Badges:

Try increasing theses values..

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00

gdspa Fri, 11/14/2008 - 06:06
User Badges:

I have controlled with ASDM.Values you indicate are unchecked on my firewall. ASDM guide says "unchecking the check

boxes means there is no timeout value", so the problem is not caused by timeouts, is it?

gdspa Thu, 04/29/2010 - 00:09
User Badges:

I resolved the problem configuring connection timeout = 2 hours.

gdspa Wed, 07/21/2010 - 00:19
User Badges:

problem solved, see my post of 29-apr-2009


This Discussion