03-01-2015 07:33 PM - edited 03-11-2019 10:34 PM
Hi guys,
I upgraded our Cisco ASA 5520 with a Cisco ASA 5585. Though both ASAs were configured with default TCP Idle Connection Timeout values, people are now starting to complain that idle SSH connections are being terminated. They are claiming it didn't occur with the old firewall. I would like to know if there is something related to IOS or a bug, etc.
New ASA
ASA5585
Cisco Adaptive Security Appliance Software Version 9.2(2)
Old ASA
ASA5520
ASA Version 9.1(3)
The command set for idle connections in a policy map is below:
set connection timeout idle 0:05:00 reset dcd 0:00:15 3
Thanks,
Dario Vanin
03-03-2015 03:22 AM
Hi,
I think you should check the SSH timeout value for the idle SSH timeout.
Also, the TCP conn timeout value.
Thanks and Regards,
Vibhor Amrodia
03-18-2015 02:30 AM
The issue can be easily resolved by not touching the firewall at all:
Enable SSH keepalive on either the SSH server or the SSH client. Set the keepalive to every 30 seconds.
That will easily resolve the issue.
03-17-2015 07:49 PM
Solved. The policy map was for other types of traffic. I solved the problem by creating a new policy map for SSH traffic only.
Note: the problem was not about traffic to the device, but traffic through the device.
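Added example, not part of the thread: one way the fix described in the last post could look on an ASA, with SSH traffic through the device matched by its own class and given a longer idle timeout than the 0:05:00 shown in the question. The object names, the `inside` interface and the 2:00:00 value are assumptions; the thread does not give the configuration that was actually applied.

```text
! Added example. Names, interface and timeout value are assumptions.
! Match SSH passing through the firewall (not SSH to the ASA itself).
access-list SSH-THROUGH extended permit tcp any any eq ssh
!
class-map SSH-THROUGH-CLASS
 match access-list SSH-THROUGH
!
! Dedicated policy for SSH only. The longer idle timeout keeps quiet
! sessions in the connection table; "reset" sends a TCP RST to both
! endpoints on expiry so they do not hang on a dead session; DCD
! probes the endpoints before an idle connection is removed.
policy-map SSH-IDLE-POLICY
 class SSH-THROUGH-CLASS
  set connection timeout idle 2:00:00 reset dcd 0:00:15 3
!
! An interface can carry only one service policy, and for a given
! feature an interface policy takes precedence over the global policy.
service-policy SSH-IDLE-POLICY interface inside
!
! Checks: confirm the class is applied, then watch the idle timers
! of live SSH connections.
show service-policy interface inside
show conn port 22
```

Keep the access list as narrow as the environment allows (specific source and destination networks rather than `any any`), since every matching connection holds a slot in the connection table for the longer timeout.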