ssh tunnel within remote ipsec
01-24-2009 08:27 PM - edited 02-21-2020 04:07 PM
I have a user who is testing our new ASA appliances and tells me that, while connected overnight to our RA IPsec VPN, the SSH sessions he has drop at some point but the VPN connection is still connected. This does not occur when he is connected to our current 3030 concentrator, which leads me to believe I have a setting missing somewhere on my ASA. Any ideas?
Eric
Labels: IPSEC
01-25-2009 06:34 PM
Hi,
RA IPsec VPN connection: the timeout can be set under the tunnel-group.
SSH: There is a default timeout set for SSH and telnet. You can change them to the value you want.
hth
MS
01-25-2009 07:07 PM
My settings for the tunnel-group are set to 8 hours, but my understanding is that if this times out then the entire tunnel disconnects, correct?
Also, the telnet and SSH timeouts apply to connections to the appliance, not to SSH sessions within the IPsec tunnel.
01-26-2009 06:21 AM
Can you try setting the vpn-idle-timeout <> under group policy?
"telnet and ssh timeouts apply to connection to the appliance not to ssh sessions within the ipsec tunnel."
That is correct. I misinterpreted your original query.
Thanks
MS
01-26-2009 07:15 AM
There are two ways to fix this problem:
1- Increase the TCP timeout setting on the ASA. Something like timeout 24:00:00 or something like that.
2- Enable SSH keepalive on the SSH server itself. Add this line in /etc/ssh/sshd_config and restart the sshd service after that:
KeepAlive yes
Easy, right?
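Added example, not part of the thread: a Python check of whether an idle SSH session sends any keepalive before a firewall's TCP idle timeout expires, which is the condition both fixes above aim at. The function names, the sample configs and the 1:00:00 and 24:00:00 timeouts are assumptions; it goes slightly beyond the post by also reading ClientAliveInterval, and it assumes a Linux server with the default tcp_keepalive_time of 7200 seconds.

```python
# Added example; the configs and timeouts below are constructed samples.
LINUX_TCP_KEEPALIVE_TIME = 7200  # Linux default net.ipv4.tcp_keepalive_time, seconds
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_sshd_config(text):
    """Global options as {keyword: value}; sshd keeps the first value it sees."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("match "):
            break  # conditional blocks follow; only global scope is audited
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts

def to_seconds(value):
    """sshd time format: plain seconds or one unit suffix (5m, 1h)."""
    value = value.strip().lower()
    if value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)

def hms_to_seconds(hms):
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def idle_session_survives(sshd_text, fw_idle_hms, kernel_keepalive=LINUX_TCP_KEEPALIVE_TIME):
    """Return (survives, shortest_probe_interval_or_None)."""
    opts = parse_sshd_config(sshd_text)
    probes = []
    client_alive = to_seconds(opts.get("clientaliveinterval", "0"))
    if client_alive > 0:
        probes.append(client_alive)  # in-channel SSH message, default off
    # "KeepAlive" is handled as the older spelling of TCPKeepAlive (default yes)
    tcp_ka = opts.get("tcpkeepalive", opts.get("keepalive", "yes"))
    if tcp_ka.lower() == "yes":
        probes.append(kernel_keepalive)  # probe timing comes from the kernel
    if not probes:
        return (False, None)
    return (min(probes) < hms_to_seconds(fw_idle_hms), min(probes))

if __name__ == "__main__":
    for cfg in ("KeepAlive yes", "ClientAliveInterval 300\nTCPKeepAlive no"):
        for fw in ("1:00:00", "24:00:00"):
            print(repr(cfg), fw, idle_session_survives(cfg, fw))
```

With an untuned kernel, TCP keepalive alone first probes after two hours, so it only helps when the firewall's idle timeout is longer than that or the kernel interval is lowered.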
