cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3465
Views
0
Helpful
12
Replies

ASA5505 and tcp connections drops.?

j-tagesson
Level 1
Level 1

Hi there. I have a strange issue.

I have a ASA 5505 with some clients behind it who connects to an offsite database.

They run the application all day, but for longer periods of times, ie 1-2 hours they are idle in the application.

When they start using the application again they get messaages that they have been disconnected from the databse or they get an unresponsive

applications for like 5-10 minutes beforeit starts to function again.

To solve this I thought I increase the tcp timeout so I did, for the client server traffic. Now it's set to 4 hrs.

BUT I still get the error.??

Has anyone got a clue what could cause this ?

Regards Joel

12 Replies 12

Hi,

Isn't the application itself where the're getting disconnected at?

I don't think they are being disconnected by the ASA if you increased the TCP timeout.

Do you know if the PING works all the time (even when they are disconnected)?

I just want to know if the issue is that the connection is being torn down by the ASA or that the application itself disconnects the users after an idle period.


Federico.

Good thinking.

I was thinking that my new 4 hrs tcp timeout sh conn would work as proof that It's not the ASA firewall.

Meanwhile the server guys put a client outside the firewall...

And that client haven't had the disconnect issue..

So I guess the problem came right back at us. :-)


Ping works all the time btw.

mmm...

If the ASA is causing the problem, then it should show in the logs.

Can you post the logs?

Federico.

Here's where it's getting tricky.. I can't seem to find anything in the logs. I have set up a syslog server but either I have set up the logging wrong or

it doesn't show any error..

For instance, I get  local1.warning and local1.notice but I can't find any errors regarding this communication

Here's my logging: (attatched file)

Am I doing something wrong ?

Also, I have logging informational on the rule with the traffic from client to server.

You're not getting any logs on the syslog server?

Can you change it to level debugging?

Federico.

Sorry. I'm getting logs to syslog , jut not anything interesting with the ipadresses that I've specified.

I can change it to debugging and se if anything happends..

I found out that I had to enable 106100 messages which by default didn't get logged to syslog.. Now I'm getting my traffic sent to the syslog server.

Great!

Can you see if you're getting logs related to this connection?

Federico.

rcordeiro
Level 1
Level 1

Hi,

Did you solve this? I'm having the same problem.

Regards

Same problem on my end. Only thing I can see is when the connection drops, I get this logged:

6    Jul 29 2010    16:47:56    302014    99.100.154.220    3389    10.20.12.214    9261    Teardown TCP connection 49927 for outside:99.100.154.220/3389 to inside:10.20.12.214/9261 duration 0:13:39 bytes 3083949 TCP Reset-I

that's the only indicator I have of anything going wrong on this, and that's when it drops.

My configuration is all but virgin - no funky ACL's - just base implied allows

Hi,

My problem was with connections to a database, if the connections reached the idle limit the firewall closes the connection and next time someone did something on the appliacation.

I solved this creating a "Service Application Rule" with a ACL to the interesting traffic and defining 5 hours for the connection timeout (if someone leave the application idle for more than 5 hour it could easily restart it).

Regards,

Rui Cordeiro

rcordeiro wrote:

Hi,

My problem was with connections to a database, if the connections reached the idle limit the firewall closes the connection and next time someone did something on the appliacation.

I solved this creating a "Service Application Rule" with a ACL to the interesting traffic and defining 5 hours for the connection timeout (if someone leave the application idle for more than 5 hour it could easily restart it).

Regards,

Rui Cordeiro

Thanks for the info Rui, unfortunately, I don't think this is the case here. I'll have to keep looking.

This problem happens randomly - download a youtube video and it will just stop at a random point and you have to refresh the page. Do so and it might work, or might stop at a different point.

Remote desktop to my home server, same thing.

The connections die with a RESET-I logged, but I don't see any reason for the reset.

Review Cisco Networking for a $25 gift card