Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA5520 RDP Session Timeout

Greetings,

I have inherited the support of an ASA5520 running 8.0(3)12 code and I believe I have a pretty simple question here that I haven't been able to figure out on my own. I have a few users that connect to the box via IPSEC VPN client connections. They want to be able to leave up a RDP based connection, for monitoring purposes, for a most of the day, but thier RDP connection keeps getting discounnted after a few hours. The VPN connection never gets disconnected, just the RDP session running through it.  I have another box running 8.0(4) code and they can leave up the RDP sessions as long as they like without getting disconnected from the server(s). I have compared the configs of both boxes and don't see any glsring differences in regards to the configuration that would cuase the RDP sessions to either to stay up or be disconnected after an inactivity type scenario.

Would someone here be able to give me some idea of what to look for in regards to identifying the timer that is disconnecting the RDP session after a period of time. Whatever feed back provided would be greatly appreciated.

Regards,

Jaime

  • Firewalling
Everyone's tags (3)
2 REPLIES
Cisco Employee

ASA5520 RDP Session Timeout

The behaviour on version 8.0.4 is more a bug than a feature. If there is no traffic going through the RDP session, the firewall should really tear down the connection hence the RDP session is disconnected. This is the TCP proxy behaviour where the idle timeout kick in so attacker can't launch an attack using the same session if it is left idle for too long.

If you would need to keep the RDP session up for a long time, I would suggest the following 2 options:

1) Run a probe/continuous ping through the RDP session to keep the RDP up.

2) Configure TCP idle timeout on the ASA specific for only the RDP session to be zero, ie: no idle timeout, that would keep the RDP session up, but bare in mind that that is keeping the resource/connection up on the ASA even though it is not being used. Depending on how many RDP session you have, and how busy your ASA is, the longer the session is kept even though it is not being used, the more resources it is used on the ASA.

New Member

ASA5520 RDP Session Timeout

Jennifer,

Thanks for the response. I suspected that the 8.0.4 non timeout behavior was more of a bug than a feature since the 8.0.3 boxes were timeout due to the default tcp connection timeout setting.

Thanks for the reply.

Jaime

1560
Views
0
Helpful
2
Replies
This widget could not be displayed.