https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741427#M494809 <HTML><HEAD></HEAD><BODY><P>Not a good practice to leave the connections idle on the firewall for a long period of time (more than the default). Check on the logs and see what is the reason of the teardown of the connecition. Also, you can setup DCD (Dead connection detection) between the host and if the connection is still up the ASA wont torn it down. </P><P></P><P>Mike </P></BODY></HTML> Wed, 02 Nov 2011 23:14:58 GMT Maykol Rojas 2011-11-02T23:14:58Z https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741423#M494801 <P>Hello,</P><P></P><P>I configured multiple vlan on my Cisco ASA5520. Everything work perfectly except RDP (3389) connections. </P><P>The connections are established but but after a period of inactivity, the user is disconnected from server (black screen).</P><P>The same problem happens with other type of connections (client/server), exemple : Oracle, file sharing.. </P><P>Before installing the ASA, computers and servers were in the same vlan and it worked well. </P><P></P><P>There's a notion of inter vlan timeout connection ? </P><P></P><P>Thanks for help. </P> Tue, 26 Mar 2019 00:47:20 GMT https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741423#M494801 wbourguibartic 2019-03-26T00:47:20Z https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741424#M494803 <HTML><HEAD></HEAD><BODY><P> Hello,</P><P></P><P>See if the 'troubleshoot' section of the below doc works.</P><P></P><P><A href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807d287e.shtml">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807d287e.shtml</A></P><P></P><P>hth</P><P>MS</P></BODY></HTML> Wed, 26 Oct 2011 15:07:02 GMT https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741424#M494803 mvsheik123 2011-10-26T15:07:02Z https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741425#M494805 <HTML><HEAD></HEAD><BODY><P> Hello,</P><P></P><P>I applied this command :</P><P><EM>timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</EM></P><P><EM> </EM></P><P>No disconnection between machines on the same vlan, but it still the case for machines on different vlan. </P><P>Does thie has relation with MTU size ? </P><P></P><P>Thanks. </P></BODY></HTML> Thu, 27 Oct 2011 07:39:11 GMT https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741425#M494805 wbourguibartic 2011-10-27T07:39:11Z https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741426#M494808 <HTML><HEAD></HEAD><BODY><P>Hi-</P><P></P><P> How long before your RDP sessions time out? The 'timeout conn 0' command should be issued if you wish TCP connections to 'never' timeout. Keep in mind as well, that your machines that 'aren't' timing out, that are on the same VLAN 'do not' hit the firewall because it's a Layer-2 broadcast between hosts on that segment. Crossing VLANs that are owned (or routed) by ASA will be Layer-3 traffic causing the packets to traverse the firewall. Let me know how it goes. Thanks.</P></BODY></HTML> Wed, 02 Nov 2011 23:04:17 GMT https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741426#M494808 caseth0102 2011-11-02T23:04:17Z https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741427#M494809 <HTML><HEAD></HEAD><BODY><P>Not a good practice to leave the connections idle on the firewall for a long period of time (more than the default). Check on the logs and see what is the reason of the teardown of the connecition. Also, you can setup DCD (Dead connection detection) between the host and if the connection is still up the ASA wont torn it down. </P><P></P><P>Mike </P></BODY></HTML> Wed, 02 Nov 2011 23:14:58 GMT https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741427#M494809 Maykol Rojas 2011-11-02T23:14:58Z https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741428#M494811 <HTML><HEAD></HEAD><BODY><P>I agree it's not good practice, or the 'timeout conn' can be increased. I suspect the issue here is an 'idle' connection.</P></BODY></HTML> Wed, 02 Nov 2011 23:39:42 GMT https://community.cisco.com/t5/network-security/connection-timeout-asa5520/m-p/1741428#M494811 caseth0102 2011-11-02T23:39:42Z