Cisco ASA Suddenly Restarts

Hi All,

I have a situation where my ASA restarts every day and I don't know what is happening on it.

Can you shed some light on this? Or maybe I can help with information from my ASA.

Thank you very much

Sheraz.Salim
VIP Alumni

Consider doing a software upgrade to a stable release. It seems like you are hitting a bug which causes the firewall to reload. Thread Name: Unicorn Proxy Thread; this is a common bug.

Upgrade it to 9.8.4, which is stable and gold star, here

ASDM image upgrade here

Also consider upgrading the ROMMON software here

I also noted you are running an HA pair; for how to upgrade the HA pair, see here

please do not forget to rate.

Hi Sheraz,

Thank you for your reply,

I have one off-topic question: I already set up WebVPN clientless SSL VPN on my ASA, and when I close the browser the SSL VPN connection still exists. Can you help me with what I must do? What settings can I change?

Thank you so much

 

It takes some time to clear the cache entries in the firewall table. If you want to do it manually you can issue a command


vpn-sessiondb logoff webvpn

please do not forget to rate.

Hi Sheraz,

Is it possible to do it automatically? When the user logs off and closes the browser, the VPN tunnel will go offline.

Can you give me documentation or some reference for doing it?

Thank you very much

You could adjust the idle timeout setting in the group policy assigned to the clientless ssl vpn connection profile.  By default this is set to 30 minutes.

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

You mean make the idle timeout faster than the default? For example, if I make the idle timeout 5 minutes, the tunnel will go down?

Thank you

vpn-idle-timeout 30 = the amount of time the VPN connection can be idle, i.e. with no activity seen/noted on the tunnel, before it is disconnected.

vpn-session-timeout 900 = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.

Both times are in minutes. So setting vpn-session-timeout to none as on the other device means the session time is unlimited.

You can have a look; the command is "show run all group-policy"

group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-idle-timeout alert-interval 1
 vpn-session-timeout none
 vpn-session-timeout alert-interval 1
!
group-policy GroupPolicy_Preston_Profile internal
group-policy GroupPolicy_Preston_Profile attributes
 wins-server value 192.168.100.72
 dns-server value 192.168.100.72
 vpn-idle-timeout 1
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value INTERNAL
 default-domain value cdyz5.ddns.net
 no vpn-simultaneous-login-delete-no-delay
 anyconnect-custom DeferredUpdateAllowed value def-allowed
 anyconnect-custom DeferredUpdateDismissTimeout value def-timeout
 webvpn
  anyconnect ssl dtls enable
  anyconnect dtls compression lzs
  anyconnect profiles value Preston_Profile_client_profile type user

 

please do not forget to rate.
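
Added example (not part of the thread and not Cisco code): a short Python audit of saved "show run all group-policy" output that reports each group policy's effective vpn-idle-timeout and vpn-session-timeout and flags policies where no timer would ever end a session. It assumes attributes a policy does not set are inherited from DfltGrpPolicy; the policy name GroupPolicy_Example and the sample text are constructed.

```python
import re

# Constructed sample modelled on the "show run all group-policy" output in the thread.
SAMPLE = """\
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout 30
 vpn-idle-timeout alert-interval 1
 vpn-session-timeout none
 vpn-session-timeout alert-interval 1
!
group-policy GroupPolicy_Example internal
group-policy GroupPolicy_Example attributes
vpn-idle-timeout 1
vpn-tunnel-protocol ssl-client ssl-clientless
webvpn
"""

HEADER = re.compile(r"^group-policy\s+(\S+)\s+attributes$")
# Anchored so the "alert-interval" variants of both commands are not matched.
TIMEOUT = re.compile(r"^(vpn-idle-timeout|vpn-session-timeout)\s+(none|\d+)$")

def parse_timeouts(config):
    """Return {policy: {command: minutes}}; a value of None means 'none' (unlimited)."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # pasted configs often lose indentation, so ignore it
        header = HEADER.match(line)
        if header:
            current = policies.setdefault(header.group(1), {})
            continue
        m = TIMEOUT.match(line)
        if m and current is not None:
            current[m.group(1)] = None if m.group(2) == "none" else int(m.group(2))
    return policies

def effective_timeouts(config, default="DfltGrpPolicy"):
    """Fill unset timeouts from the default policy (assumed inheritance) and flag gaps."""
    policies = parse_timeouts(config)
    base = policies.get(default, {})
    report = {}
    for name, attrs in policies.items():
        merged = {**base, **attrs}
        idle = merged.get("vpn-idle-timeout")
        session = merged.get("vpn-session-timeout")
        # A session with neither limit is never torn down by a timer.
        report[name] = {"idle": idle, "session": session,
                        "no_timer": idle is None and session is None}
    return report
```

Calling effective_timeouts() on the saved output returns one row per group policy; a row with "no_timer" set to True is a policy whose sessions only end when the user or an administrator logs them off.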

Hi Sheraz,

Thank you for your reply, I will try it and I will inform you later.


Yes change the value to something you desire that is less than the default and the tunnel will be torn down.  Just keep in mind that if the user leaves their PC for lunch, the ssl vpn is most likely no longer active and you might end up getting a lot of requests to change that behavior.

--
Please remember to select a correct answer and rate helpful posts