Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4288
Views
5
Helpful
3
Replies

ASA 5540 kills SSH sessions through the firewall

Go to solution
Joshua Engels
Level 1
Level 1

‎04-14-2009 05:37 AM - edited ‎03-11-2019 08:17 AM

I have a Unix user that SSH's from the inside network to a Server in the DMZ network. If he leaves it idle the SSH session is killed by the firewall. Is there a way to tell the ASA not to kill SSH sessions through the firewall that are idle?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cisco24x7
Level 6
Level 6

‎04-14-2009 07:03 AM

There are two solutions to this:

1- increase the tcp idle connection on the ASA. The command is "timeout xxxx" or something like that. Check the documentation.

2- enable ssh keep-alive in SSH server itself. In the /etc/ssh/sshd_config configuration of the SSH server, uncomment this line:

#KeepAlive yes

then restart the ssh server. With option #2, you do not have to involve the Firewall guy.

Easy right?

View solution in original post

0 Helpful
3 Replies 3

Go to solution
cisco24x7
Level 6
Level 6

‎04-14-2009 07:03 AM

There are two solutions to this:

1- increase the tcp idle connection on the ASA. The command is "timeout xxxx" or something like that. Check the documentation.

2- enable ssh keep-alive in SSH server itself. In the /etc/ssh/sshd_config configuration of the SSH server, uncomment this line:

#KeepAlive yes

then restart the ssh server. With option #2, you do not have to involve the Firewall guy.

Easy right?

0 Helpful

Go to solution
Joshua Engels
Level 1
Level 1
In response to cisco24x7

‎04-15-2009 04:47 AM

Okay, option 1 worked for us. Increased the "timeout conn 01:00:00" to 2 hours and it worked. That is what I was looking for so I appreciate the response.

Thanks!

0 Helpful

Go to solution
yuri_slobodyanyuk
Level 1
Level 1

‎04-14-2009 10:08 PM

Every SSH client has option to enable keep-alive, this will send nop command every so seconds and keep the connection alive.

In Linux ssh client machine put it here:

/etc/ssh/ssh_config

ServerAliveInterval

In Putty (Windows) you go to

Connection -> Sending of null packets to keep session alive -> put value in seconds

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card