AnyConnect Conflict with IBM z/OS time out sessions
We have an issue whereby our ASA and mainframe are experiencing strange time out issues. The default timeout for the mainframe is 90 minutes. Prior to AnyConnect, we were using standard RAS PPTP. In the past, if a developer had multiple sessions open and neglected a particular session for the 90 minutes, it would gracefully log them off the session so that the user would only have to log back in. Since we've introdued ASA and AnyConnect, the session windows are timing out at 60 minutes and not gracefully logging off. The session window will freeze for about a minute and then display a 510 error message. The user would then have to close the window, reopen and log back in.
We have attempted (what we believe) to configure all possible elements of the time out sessions on the ASA side and nothing seems to fix the issue. We've explored the dead peer, keep alive, etc to no avail. If we reenable the RAS and have the developers use this method there is no issue. Once we revert back to the ASA AnyConnect we witness the problem again.
It doesn't matter which sessions type the developers use....pcomm, extra.
Has anyone come across this or have any suggestions as to what the cause might be?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...