Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1158
Views
0
Helpful
1
Replies

Clientless SSL & RDP - Disconnects

snooter
Level 1
Level 1

‎10-27-2009 10:47 AM - edited ‎02-21-2020 03:45 AM

ASA 5510

v8.2(1)

I've been troubleshooting this clientless SSL vpn issue now for what seems like years. It's hit or miss and I can never reproduce it. Problem is, remote users using the clientless ssl with rdp plugin to access terminal servers randomly get disconnected.

From what I've gathered, it appears that they're working along and things freeze and shortly there after they've been disconnected. They have to close everything and relogin to the asa ssl and restart the terminal server session which picks up right where they left off.

It doesn't seem to affect all remote users everytime. Sometimes it's two users or just one, but never all users.

We've got a 3MB internet pipe into it and our bandwidth utilization is minimal, averaging maybe 15% on a normal day.

I can't see any errors on the asa and no errors on the client. It's like the asa has simply closed the ssl tunnel and that's it. Their internet still functions just fine when this happens, so I know it's not their providers issue and of course our internet for the company never misses a beat.

I've got the terminal server sessions color knocked as low as it'll go to help with the screen refresh rate, but it doesn't seem to help much. An example from just today, I've had a single user get disconnected three times in a matter of 30 minutes. However, he had been logged on and working for 3.5 hours prior to that just fine. No idle timeouts are taking affect either.

Anyone experienced this or something similar before and actually found a resolution or for sure cause?

Thanks

0 Helpful
1 Reply 1

Farrukh Haroon
VIP Alumni
VIP Alumni

‎11-22-2009 11:45 PM

We had a similar issue with a IOS SSL VPN gateway, it seemed we were missing the 'service tcp-keepalives ..' command on the router. We had dozens of stuck connections on the router, putting the command solved a similar issue for us. However I doubt that would be the case on the ASA (just mentioning this to provide hints in the right direction, perhaps leading you to a solution).

It could also be related to MTU issues, did you check that?

Regards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card