cics disconnections and pix/asa timeouts

Unanswered Question
May 20th, 2009

Hi all,

we have a problem of disconnections with xcics.

Users tell that disconnections happen also when they are working and, as result, they have to ask administrators to unlock their usernames.

This problem happens only with users of our branches.

Traffic from Germany passes through a fwsm 3.2(4), traffic from U.S.A passes trough the same fwsm and an asa 8.0(4).

2 weeks ago I changed conn timeout on fwsm from the default value to 2 hours and in Germany users now tell that no more disconnections happen.

In U.S.A problem was not solved, so I changed on ASA conn timeout from default value to 1h30min. Today a user wrote me that nothing has changed.

Does someone knows about issues with timeouts in pix/asa firewalls?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vmoopeung Tue, 05/26/2009 - 05:36

Configure idle timeout and session timeout as none in order to make the tunnel always be up and so that the tunnel is never dropped. If the idle timeout is set to 30 minutes (default), it means that it drops the tunnel after 30 minutes of no traffic passes through it. The VPN client gets disconnected after 30 minutes regardless of the setting of idle timeout and encounters the PEER_DELETE-IKE_DELETE_UNSPECIFIED error.


This Discussion