New Member

ASA 5540 kills SSH sessions through the firewall

I have a Unix user that SSHes from the inside network to a server in the DMZ network. If he leaves it idle, the SSH session is killed by the firewall. Is there a way to tell the ASA not to kill idle SSH sessions through the firewall?

1 ACCEPTED SOLUTION

Silver

Re: ASA 5540 kills SSH sessions through the firewall

There are two solutions to this:

1- increase the tcp idle connection on the ASA. The command is "timeout xxxx" or something like that. Check the documentation.

2- enable SSH keep-alive in the SSH server itself. In the /etc/ssh/sshd_config configuration of the SSH server, uncomment this line:

#KeepAlive yes

then restart the ssh server. With option #2, you do not have to involve the Firewall guy.

Easy right?

3 REPLIES
New Member

Re: ASA 5540 kills SSH sessions through the firewall

Okay, option 1 worked for us. Increased the "timeout conn 01:00:00" to 2 hours and it worked. That is what I was looking for so I appreciate the response.

Thanks!

New Member

Re: ASA 5540 kills SSH sessions through the firewall

Every SSH client has an option to enable keep-alive; this will send a nop command every so many seconds and keep the connection alive.

On a Linux SSH client machine, put it here:

/etc/ssh/ssh_config

ServerAliveInterval

In PuTTY (Windows) you go to

Connection -> Sending of null packets to keep session alive -> put value in seconds
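
The replies in this thread rely on one relationship: the client keep-alive has to fire before the ASA's idle timer expires. The Python below is an added example, not part of the original thread, that checks this from the two configurations; the sample configs are constructed, the function names are hypothetical, and it assumes the first ServerAliveInterval in the file applies (Host/Match pattern matching is ignored).

```python
import re

# Constructed sample inputs, not taken from the devices in this thread.
ASA_CONFIG = """\
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
"""
SSH_CONFIG = """\
# /etc/ssh/ssh_config
Host *
    ServerAliveInterval 300
"""

def asa_conn_timeout(config):
    """Seconds from the ASA 'timeout conn hh:mm:ss' line, or None if absent."""
    m = re.search(r"^\s*timeout\s+conn\s+(\d+):(\d+):(\d+)", config, re.M)
    if m is None:
        return None
    hours, minutes, seconds = (int(g) for g in m.groups())
    return hours * 3600 + minutes * 60 + seconds

def server_alive_interval(config):
    """First ServerAliveInterval in seconds; 0 (OpenSSH default) means off."""
    for line in config.splitlines():
        # Commented-out lines start with '#' and therefore never match.
        m = re.match(r"\s*ServerAliveInterval(?:\s*=\s*|\s+)(\d+)\s*$", line, re.I)
        if m:
            return int(m.group(1))
    return 0

def keepalive_verdict(asa_config, ssh_config):
    """Return (ok, reason): ok is True when idle sessions should survive."""
    idle = asa_conn_timeout(asa_config)
    interval = server_alive_interval(ssh_config)
    if idle is None:
        return (False, "no 'timeout conn' line found in the ASA config")
    if idle == 0:
        return (True, "ASA is set to never time out idle TCP connections")
    if interval == 0:
        return (False, f"keep-alives are off; idle sessions drop after {idle}s")
    if interval >= idle:
        return (False, f"keep-alive every {interval}s is not below the {idle}s idle timeout")
    return (True, f"keep-alive every {interval}s refreshes the {idle}s idle timer")

if __name__ == "__main__":
    print(keepalive_verdict(ASA_CONFIG, SSH_CONFIG))
```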
