Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3006
Views
0
Helpful
5
Replies

Connection timeout ASA5520

wbourguibartic
Level 1
Level 1

‎10-26-2011 07:55 AM - last edited on ‎03-25-2019 05:47 PM by Community Manager

Hello,

I configured multiple vlan on my Cisco ASA5520. Everything work perfectly except RDP (3389) connections.

The connections are established but but after a period of inactivity, the user is disconnected from server (black screen).

The same problem happens with other type of connections (client/server), exemple : Oracle, file sharing..

Before installing the ASA, computers and servers were in the same vlan and it worked well.

There's a notion of inter vlan timeout connection ?

Thanks for help.

Labels:
0 Helpful
5 Replies 5

mvsheik123
Level 7
Level 7

‎10-26-2011 08:07 AM

Hello,

See if the 'troubleshoot' section of the below doc works.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807d287e.shtml

hth

MS

0 Helpful

wbourguibartic
Level 1
Level 1
In response to mvsheik123

‎10-27-2011 12:39 AM

Hello,

I applied this command :

timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

No disconnection between machines on the same vlan, but it still the case for machines on different vlan.

Does thie has relation with MTU size ?

Thanks.

0 Helpful

caseth0102
Level 1
Level 1
In response to wbourguibartic

‎11-02-2011 04:04 PM

Hi-

How long before your RDP sessions time out? The 'timeout conn 0' command should be issued if you wish TCP connections to 'never' timeout. Keep in mind as well, that your machines that 'aren't' timing out, that are on the same VLAN 'do not' hit the firewall because it's a Layer-2 broadcast between hosts on that segment. Crossing VLANs that are owned (or routed) by ASA will be Layer-3 traffic causing the packets to traverse the firewall. Let me know how it goes. Thanks.

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to caseth0102

‎11-02-2011 04:14 PM

Not a good practice to leave the connections idle on the firewall for a long period of time (more than the default). Check on the logs and see what is the reason of the teardown of the connecition. Also, you can setup DCD (Dead connection detection) between the host and if the connection is still up the ASA wont torn it down.

Mike

Mike
0 Helpful

caseth0102
Level 1
Level 1
In response to Maykol Rojas

‎11-02-2011 04:39 PM

I agree it's not good practice, or the 'timeout conn' can be increased. I suspect the issue here is an 'idle' connection.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card