I configured multiple VLANs on my Cisco ASA5520. Everything works perfectly except RDP (3389) connections.
The connections are established, but after a period of inactivity the user is disconnected from the server (black screen).
The same problem happens with other types of connections (client/server), for example: Oracle, file sharing...
Before installing the ASA, computers and servers were in the same VLAN and it worked well.
Is there a notion of an inter-VLAN connection timeout?
Thanks for the help.
See if the 'troubleshoot' section of the below doc works.
I applied this command:
timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
No disconnection between machines on the same VLAN, but it is still the case for machines on different VLANs.
Does this have a relation to MTU size?
How long before your RDP sessions time out? The 'timeout conn 0' command should be issued if you wish TCP connections to 'never' timeout. Keep in mind as well, that your machines that 'aren't' timing out, that are on the same VLAN 'do not' hit the firewall because it's a Layer-2 broadcast between hosts on that segment. Crossing VLANs that are owned (or routed) by ASA will be Layer-3 traffic causing the packets to traverse the firewall. Let me know how it goes. Thanks.
Not a good practice to leave the connections idle on the firewall for a long period of time (more than the default). Check the logs and see what the reason for the teardown of the connection is. Also, you can set up DCD (Dead Connection Detection) between the hosts, and if the connection is still up the ASA won't tear it down.
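As an added illustration of the two approaches discussed in this thread (it is not configuration posted by any of the participants), the following ASA snippet leaves the global `timeout conn` at its default and instead applies a longer idle timeout plus DCD only to TCP/3389 flows through a Modular Policy Framework class. The class-map name `RDP-IDLE-CLASS` and the timer values are assumptions; `global_policy` is the policy-map that ships with the ASA.

```cisco
! Added example (not from this thread): scope a longer idle timeout and DCD
! to RDP only, rather than raising the global "timeout conn" for all traffic.
! Assumed names/values: RDP-IDLE-CLASS, 2:00:00 idle, 15 s DCD probe, 5 retries.
class-map RDP-IDLE-CLASS
 match port tcp eq 3389
!
policy-map global_policy
 class RDP-IDLE-CLASS
  ! Idle TCP timeout for matching flows; "reset" sends a RST to both ends on teardown
  set connection timeout idle 2:00:00 reset
  ! DCD: probe both endpoints every 15 s, tear down after 5 unanswered probes
  set connection timeout dcd 0:00:15 5
!
! global_policy is normally already applied globally; shown for completeness
service-policy global_policy global
```

After applying it, `show service-policy` confirms the class is attached and `show conn` shows the remaining idle time per connection; the teardown reason the earlier reply asks about appears in syslog message 302014 (Teardown TCP connection), so compare those reasons before and after the change rather than disabling the timeout with `timeout conn 0`.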