VPN seesion problem.

Unanswered Question
Apr 13th, 2009
User Badges:

Hi,


I have a site to site VPN configured which is working fine. But i have small issue..


Database servers are suituated at both the locations and always session to be establised. it should not disconnect.


But here its getting disconnect every one hour and restablising the same. Due to which i am lossing some repoerts etc..again they to restablish...


I have configured the lifetime as 86400sec.

Is there anyway which i can increase the conn timeout to infinity?


DB-FW-----FW--DB


Regards

sateesh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Mon, 04/13/2009 - 08:47
User Badges:
  • Cisco Employee,

Do you see the tunnel bouncing when the application does? What are the vpn peers? ASA IOS routers?

sateeshk10 Mon, 04/13/2009 - 09:13
User Badges:

Hi,


Tunnel is fine. only DB server session getting disconnect.


PIX 525 - 7.2(4) --A

PIX 525 - 6.3(3) -- B

One more thing both the ends connection limit is 1hr.I hope if i increase the conn limit it may resolve the issue.


Any suggestions are welcome..


Regards

sateesh

Ivan Martinon Mon, 04/13/2009 - 09:18
User Badges:
  • Cisco Employee,

So then your problem is not with SA's being deleted hence no need to adjust the lifetime, your problem might lie on TCP idle connection, what is the setup for the connection timeouts on your firewalls? is the default set to 1 hour? Does this connection (DB) remains active or idle?

sateeshk10 Mon, 04/13/2009 - 10:18
User Badges:

Hi,


I am also suspecting the same. By default idle conn timeout is 1hr.


My db conn reamin in idle mode.


Now i am correlating the same. Instially I planning to check for DB session 1hr idle . After that again I will try for DB session 30min idle timeout. So that we will come to know that if it is getting disconnect every 1hr then we can suspect conn idle time.. if it is getting disconnect at 30 min means..we need look into other perameters.


I appreciate your prompt responses..


Regards

sateesh

Actions

This Discussion