Dead Peer Detection/Keepalive Settings on SSL-VPN

Unanswered Question
Oct 30th, 2009


The dead peer detection with IPsec clients works very well on our ASA 5520. In contrast, DPD does not work when AnyConnect clients lose their SSL-VPN connection (e.g. when their LAN cable is pulled out). Although we set the appropriate settings, even 20 minutes after unplugging the client's cable the ASA tells us that the connection is still there. The settings are:

group-policy SSLVPN_GROUP_POLICY attributes
 dns-server value x.x.x.x
 vpn-idle-timeout 30
 vpn-session-timeout 1440
 vpn-tunnel-protocol svc webvpn
 url-list value xxx
 svc dpd-interval gateway 10
 svc ask enable default svc timeout 10

Is there anything wrong with the settings?

Which settings should basically be in the config to activate DPD/keepalive on SSL-VPN connections?

Thanks in advance!

