Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
314
Views
0
Helpful
4
Replies

VPN seesion problem.

sateeshk10
Level 1
Level 1

‎04-13-2009 08:03 AM

Hi,

I have a site to site VPN configured which is working fine. But i have small issue..

Database servers are suituated at both the locations and always session to be establised. it should not disconnect.

But here its getting disconnect every one hour and restablising the same. Due to which i am lossing some repoerts etc..again they to restablish...

I have configured the lifetime as 86400sec.

Is there anyway which i can increase the conn timeout to infinity?

DB-FW-----FW--DB

Regards

sateesh

Labels:
0 Helpful
4 Replies 4

Ivan Martinon
Level 7
Level 7

‎04-13-2009 08:47 AM

Do you see the tunnel bouncing when the application does? What are the vpn peers? ASA IOS routers?

0 Helpful

sateeshk10
Level 1
Level 1
In response to Ivan Martinon

‎04-13-2009 09:13 AM

Hi,

Tunnel is fine. only DB server session getting disconnect.

PIX 525 - 7.2(4) --A

PIX 525 - 6.3(3) -- B

One more thing both the ends connection limit is 1hr.I hope if i increase the conn limit it may resolve the issue.

Any suggestions are welcome..

Regards

sateesh

0 Helpful

Ivan Martinon
Level 7
Level 7
In response to sateeshk10

‎04-13-2009 09:18 AM

So then your problem is not with SA's being deleted hence no need to adjust the lifetime, your problem might lie on TCP idle connection, what is the setup for the connection timeouts on your firewalls? is the default set to 1 hour? Does this connection (DB) remains active or idle?

0 Helpful

sateeshk10
Level 1
Level 1
In response to Ivan Martinon

‎04-13-2009 10:18 AM

Hi,

I am also suspecting the same. By default idle conn timeout is 1hr.

My db conn reamin in idle mode.

Now i am correlating the same. Instially I planning to check for DB session 1hr idle . After that again I will try for DB session 30min idle timeout. So that we will come to know that if it is getting disconnect every 1hr then we can suspect conn idle time.. if it is getting disconnect at 30 min means..we need look into other perameters.

I appreciate your prompt responses..

Regards

sateesh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents