cics disconnections and pix/asa timeouts

Unanswered Question
May 20th, 2009
User Badges:

Hi all,

we have a problem of disconnections with xcics.

Users tell that disconnections happen also when they are working and, as result, they have to ask administrators to unlock their usernames.

This problem happens only with users of our branches.

Traffic from Germany passes through a fwsm 3.2(4), traffic from U.S.A passes trough the same fwsm and an asa 8.0(4).

2 weeks ago I changed conn timeout on fwsm from the default value to 2 hours and in Germany users now tell that no more disconnections happen.

In U.S.A problem was not solved, so I changed on ASA conn timeout from default value to 1h30min. Today a user wrote me that nothing has changed.

Does someone knows about issues with timeouts in pix/asa firewalls?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vmoopeung Tue, 05/26/2009 - 05:36
User Badges:
  • Bronze, 100 points or more

Configure idle timeout and session timeout as none in order to make the tunnel always be up and so that the tunnel is never dropped. If the idle timeout is set to 30 minutes (default), it means that it drops the tunnel after 30 minutes of no traffic passes through it. The VPN client gets disconnected after 30 minutes regardless of the setting of idle timeout and encounters the PEER_DELETE-IKE_DELETE_UNSPECIFIED error.


This Discussion