Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ssh tunnel within remote ipsec

I have user who is testing our new asa appliances and tells me while connected overnight to our RA ipsec vpn connection stays the ssh sessions he has drop at some point but the vpn connection is still connected. This does not occur when he is connected to our current 3030 concentrator which leads me to believe I have a setting missing somewhere on my asa. Any ideas?

Eric

4 REPLIES

Re: ssh tunnel within remote ipsec

Hi,

RA ipsec vpn connection : Time out you can set under the: tunnel-group general attributes command.

SSH: There is default timeout set for SSH & telnets. You can change them to the value you want.

hth

MS

Community Member

Re: ssh tunnel within remote ipsec

My settings for the tunnel-group are set to 8 hours but my understanding is that if this timeouts then the entire tunnel disconnects correct?

Also the telnet and ssh timeouts apply to connection to the appliance not to ssh sessions within the ipsec tunnel.

Re: ssh tunnel within remote ipsec

Can you try by setting the vpn-idle-timeout <> under group policy..?

telnet and ssh timeouts apply to connection to the appliance not to ssh sessions within the ipsec tunnel.

That is correct. I misinterpreted your original query.

Thanks

MS

Silver

Re: ssh tunnel within remote ipsec

There are two ways to fix this problem:

1- increase the tcp timeout setting on the ASA.

Something like timeout 24:00:00 or something

like that.

2- enable ssh keepalive on ssh server itself.

Add this line in the /etc/ssh/sshd_config and

restart the sshd service after that:

KeepAlive yes

Easy right?

366
Views
0
Helpful
4
Replies
CreatePlease to create content