cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2030
Views
0
Helpful
2
Replies

timeout conn 1:00:00

nygenxny123
Level 1
Level 1

I see the following command on my ASA

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Does this apply to VPN users also?

the reason I ask is that some vpn users

are getting dropped after a few minutes

and we dont know why

I see no IDLE timout out in the config

asdm is currently unavailable

2 Replies 2

ddawson
Level 1
Level 1

No, those timeouts don't apply to VPN users. I'd recommend enabling logging on the client software for one or more of the users who are having the problem since the client log tends to be more informative than the corresponding logs in the ASA, and they only apply to that client so you don't have to wade through a bunch of messages that aren't pertinent. Set all the levels to 3, the highest setting, and have the user save the log messages to a file and send them to you when they see the problem. I suspect you'll see messages akin to "remote peer not responding", which points to some sort of connectivity problem between them and the ASA. Otherwise, these users could also be seeing an issue with the forced keepalives. The first question in this article at Cisco's web site talks about this and tells how to turn them off by editing the client .pcf file:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml

great!..will do

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: