cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2669
Views
0
Helpful
3
Replies

SOLVED: ssh timeout issues - traffic through the device

Hi guys,

I upgraded our Cisco ASA 5520 with a Cisco ASA 5585. Though both ASA were configured with default TCP Idle Connection Timeout values people are now starting to complaint that idle SSH connections are being terminated. They are claiming it didn't occur with the old firewall. I would like to know if there is something related to IOS or a bug etc

New ASA
ASA5585
Cisco Adaptive Security Appliance Software Version 9.2(2)

Old ASA
ASA5520
ASA Version 9.1(3)

Command set for idle connection in a policy map is below

set connection timeout idle 0:05:00 reset dcd 0:00:15 3

Thanks,

Dario Vanin

3 REPLIES 3
Vibhor Amrodia
Cisco Employee

Hi ,

I think you should check the SSH timeout value for the IDLE SSH timeout.

Also , TCP conn timeout value.

Thanks and Regards,

Vibhor Amrodia

The issue can be easily resolved by not touching the firewall at all:

 

enable ssh keppalive on either the ssh server or ssh client.  set the keepalive to every 30 seconds.

 

That will easily resolve the issue.

Solved. The policy map was for other types of traffic. I solved the problem creating a new policy map for ssh traffic only.

Note: the problem was not about traffic to the device, but traffic through the device.

Create
Recognize Your Peers
Content for Community-Ad