Solved: Firepower 2110 RAVPN disconnects users after 30min

jdonjuanl · ‎10-03-2019

Hello

We configure a RAVPN solution using Firepower 2110 v6.2.2.10 managed via FMC.

The AnyConnect establishe a connection but after 30min the user gets disconnected and the next message appears...

"The secure gateway has terminated the VPN connection. The following message was received from the secure gateway: Max time exceeded"

We are using the default group policy (DfltGrpPolicy) and do not define a "max connection time" the only value defined is the idle time out as 30min.

We tray to define a "max connection time" value but the connection does not take the change.

It is important to mention that the autentication is vía ISE as RADIUS server.

Any ideas of how to solve this issue.

Regards

jdonjuanl · ‎10-07-2019

Hello

Just to inform, we identify the issue and the solution.

ISE was adding the "Connection Time Out" option, once the ISE admin identify the error they change the value to 4hrs because the client requested.

Thanks.

View solution in original post

nspasov · ‎10-03-2019

Hi there! Two things I can recommend:

1. Upgrade to one of the recommended releases of Firepower (6.2.3.x or 6.4.0.4). There many defects that were resolved with these releases and it is possible that you are hitting one of them. In general, it is always best practice to run a recommended release

2. Contact TAC for assistance and have the support engineer dig into the issue and confirm if you are hitting a defect that is addressed in a newer release

I hope this helps!

Thank you for rating helpful posts!

jdonjuanl · ‎10-07-2019

Hello

Just to inform, we identify the issue and the solution.

ISE was adding the "Connection Time Out" option, once the ISE admin identify the error they change the value to 4hrs because the client requested.

Thanks.