Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1502
Views
5
Helpful
2
Replies

Firepower 2110 RAVPN disconnects users after 30min

Go to solution
jdonjuanl
Level 1
Level 1

‎10-03-2019 09:16 AM - edited ‎02-21-2020 09:33 AM

Hello

 

We configure a RAVPN solution using Firepower 2110 v6.2.2.10 managed via FMC.

The AnyConnect establishe a connection but after 30min the user gets disconnected and the next message appears...

"The secure gateway has terminated the VPN connection. The following message was received from the secure gateway: Max time exceeded"

 

We are using the default group policy (DfltGrpPolicy) and do not define a "max connection time" the only value defined is the idle time out as 30min.

 

We tray to define a "max connection time" value but the connection does not take the change.

 

It is important to mention that the autentication is vía ISE as RADIUS server.

 

Any ideas of how to solve this issue.

 

Regards

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jdonjuanl
Level 1
Level 1

‎10-07-2019 01:35 PM

Hello

Just to inform, we identify the issue and the solution.

ISE was adding the "Connection Time Out" option, once the ISE admin identify the error they change the value to 4hrs because the client requested.

 

Thanks.

View solution in original post

2 Replies 2

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎10-03-2019 12:19 PM

Hi there! Two things I can recommend:

1. Upgrade to one of the recommended releases of Firepower (6.2.3.x or 6.4.0.4). There many defects that were resolved with these releases and it is possible that you are hitting one of them. In general, it is always best practice to run a recommended release

2. Contact TAC for assistance and have the support engineer dig into the issue and confirm if you are hitting a defect that is addressed in a newer release

I hope this helps!

Thank you for rating helpful posts!

0 Helpful

Go to solution
jdonjuanl
Level 1
Level 1

‎10-07-2019 01:35 PM

Hello

Just to inform, we identify the issue and the solution.

ISE was adding the "Connection Time Out" option, once the ISE admin identify the error they change the value to 4hrs because the client requested.

 

Thanks.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card