09-29-2016 11:27 PM - edited 03-12-2019 01:20 AM
Hi,
I have an ASA that uses AnyConnect for SSL VPN.
AnyConnect-Parent Tunnels: 1
AnyConnect-Parent:
Tunnel ID : 1851.1
Public IP : 218.1.37.214
Encryption : none Hashing : none
TCP Src Port : 58885 TCP Dst Port : 443
Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes
Client OS : win
Client OS Ver: 6.1.7601 Service Pack 1
Client Type : AnyConnect
Client Ver : Cisco AnyConnect VPN Agent for Windows 4.2.05015
Bytes Tx : 6631 Bytes Rx : 0
Pkts Tx : 5 Pkts Rx : 0
Pkts Tx Drop : 0 Pkts Rx Drop : 0
group-policy vpn-ct-policy internal
group-policy vpn-ct-policy attributes
wins-server none
dns-server value 202.120.80.2 202.120.81.2
vpn-simultaneous-logins 3
vpn-tunnel-protocol ssl-client
default-domain value vpn-ct.ecnu.edu.cn
address-pools value vpn-ct
webvpn
anyconnect ssl keepalive 150
We can see the idle time is 0 minutes, but it does not disconnect.
How can I resolve it? Thanks.
09-30-2016 12:05 AM
Hi,
Can you share the output of show
IDLE timeout is used to disconnect the SSL VPN tunnel.
However, remember that it is not only the SSL-Tunnel that must idle
Regards,
Aditya
Please rate helpful posts and mark correct answers.
10-04-2016 01:38 AM
Hi Aditya,
I'm so sorry for the late reply.
This is my logging:
Session Type: AnyConnect Detailed
Username : 10130340102 Index : 1851
Assigned IP : 49.52.14.227 Public IP : 218.1.37.214
Protocol : AnyConnect-Parent
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none
Hashing : AnyConnect-Parent: (1)none
Bytes Tx : 191925224 Bytes Rx : 12691767
Pkts Tx : 177599 Pkts Rx : 115411
Pkts Tx Drop : 6645 Pkts Rx Drop : 0
Group Policy : vpn-ct-policy Tunnel Group : vpn-ct
Login Time : 01:55:21 UTC Thu Sep 29 2016
Duration : 5d 3h:04m:25s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : ca7858a10073b00057ec7489
Security Grp : none
AnyConnect-Parent Tunnels: 1
AnyConnect-Parent:
Tunnel ID : 1851.1
Public IP : 218.1.37.214
<--- More --->
Cisco-VPN/vpn-ct# show vpn-sessiondb detail anyconnect
Session Type: AnyConnect Detailed
Username : 10130340102 Index : 1851
Assigned IP : 49.52.14.227 Public IP : 218.1.37.214
Protocol : AnyConnect-Parent
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none
Hashing : AnyConnect-Parent: (1)none
Bytes Tx : 191925224 Bytes Rx : 12691767
Pkts Tx : 177599 Pkts Rx : 115411
Pkts Tx Drop : 6645 Pkts Rx Drop : 0
Group Policy : vpn-ct-policy Tunnel Group : vpn-ct
Login Time : 01:55:21 UTC Thu Sep 29 2016
Duration : 5d 3h:04m:27s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : ca7858a10073b00057ec7489
Security Grp : none
AnyConnect-Parent Tunnels: 1
AnyConnect-Parent:
Tunnel ID : 1851.1
Public IP : 218.1.37.214
<--- More --->
Encryption : none Hashing : none
TCP Src Port : 58885 TCP Dst Port : 443
Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes
Client OS : win
Client OS Ver: 6.1.7601 Service Pack 1
Client Type : AnyConnect
Client Ver : Cisco AnyConnect VPN Agent for Windows 4.2.05015
Bytes Tx : 6631 Bytes Rx : 0
Pkts Tx : 5 Pkts Rx : 0
Pkts Tx Drop : 0 Pkts Rx Drop : 0
Username : 52130601018 Index : 1866
Assigned IP : 49.52.14.236 Public IP : 180.160.53.58
Protocol : AnyConnect-Parent
License : AnyConnect Premium, AnyConnect for Mobile
Encryption : AnyConnect-Parent: (1)none
Hashing : AnyConnect-Parent: (1)none
Bytes Tx : 18190267 Bytes Rx : 2572946
Pkts Tx : 26185 Pkts Rx : 23314
Pkts Tx Drop : 562 Pkts Rx Drop : 0
Group Policy : vpn-ct-policy Tunnel Group : vpn-ct
Login Time : 03:52:27 UTC Thu Sep 29 2016
Duration : 5d 1h:07m:21s
<--- More --->
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : ca7858a10074a00057ec8ffb
Security Grp : none
AnyConnect-Parent Tunnels: 1
AnyConnect-Parent:
Tunnel ID : 1866.1
Public IP : 180.160.53.58
Encryption : none Hashing : none
TCP Src Port : 43028 TCP Dst Port : 443
Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes
Client OS : android
Client OS Ver: 4.4.2
Client Type : AnyConnect
Client Ver : Cisco AnyConnect VPN Agent for Android 4.0.05015
Bytes Tx : 1575 Bytes Rx : 0
Pkts Tx : 2 Pkts Rx : 0
Pkts Tx Drop : 0 Pkts Rx Drop : 0
Username : 51143400039 Index : 1867
Assigned IP : 49.52.14.232 Public IP : 180.160.71.194
<--- More --->
Protocol : AnyConnect-Parent
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none
Hashing : AnyConnect-Parent: (1)none
Bytes Tx : 34910677 Bytes Rx : 9143830
Pkts Tx : 44151 Pkts Rx : 33324
Pkts Tx Drop : 1258 Pkts Rx Drop : 0
Group Policy : vpn-ct-policy Tunnel Group : vpn-ct
Login Time : 04:09:18 UTC Thu Sep 29 2016
Duration : 5d 0h:50m:30s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : ca7858a10074b00057ec93ee
Security Grp : none
AnyConnect-Parent Tunnels: 1
AnyConnect-Parent:
Tunnel ID : 1867.1
Public IP : 180.160.71.194
Encryption : none Hashing : none
TCP Src Port : 61296 TCP Dst Port : 443
Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes
<--- More --->
Client OS : win
Client OS Ver: 10.0.14393
Client Type : AnyConnect
Client Ver : Cisco AnyConnect VPN Agent for Windows 4.2.05015
Bytes Tx : 6631 Bytes Rx : 0
Pkts Tx : 5 Pkts Rx : 0
Pkts Tx Drop : 0 Pkts Rx Drop : 0
Username : 10132150124 Index : 1876
Assigned IP : 49.52.14.240 Public IP : 117.136.8.78
Protocol : AnyConnect-Parent
License : AnyConnect Premium, AnyConnect for Mobile
Encryption : AnyConnect-Parent: (1)none
Hashing : AnyConnect-Parent: (1)none
Bytes Tx : 490449 Bytes Rx : 69763
Pkts Tx : 542 Pkts Rx : 798
Pkts Tx Drop : 0 Pkts Rx Drop : 0
Group Policy : vpn-ct-policy Tunnel Group : vpn-ct
Login Time : 06:17:36 UTC Thu Sep 29 2016
Duration : 4d 22h:42m:12s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : ca7858a10075400057ecb200
Security Grp : none
<--- More --->
AnyConnect-Parent Tunnels: 1
AnyConnect-Parent:
Tunnel ID : 1876.1
Public IP : 117.136.8.78
Encryption : none Hashing : none
TCP Src Port : 18996 TCP Dst Port : 443
Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes
Client OS : apple-ios
Client OS Ver: 9.3.4
Client Type : AnyConnect
Client Ver : Cisco AnyConnect VPN Agent for Apple iPhone 4.0.05052
Bytes Tx : 1575 Bytes Rx : 0
Pkts Tx : 2 Pkts Rx : 0
Pkts Tx Drop : 0 Pkts Rx Drop : 0
Username : 10140330122 Index : 1885
Assigned IP : 49.52.14.235 Public IP : 180.160.47.55
Protocol : AnyConnect-Parent
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none
Hashing : AnyConnect-Parent: (1)none
<--- More --->
You can see my VPN sessions: the idle time = 0, but the session does not disconnect.
Thanks
10-04-2016 06:04 AM
Hi,
Can you confirm if you see any increments in the RX/TX counters on the session?
The idle timeout is not related to the inactivity time. The inactivity timer is used for displaying the session information of a disconnected user (disconnected due to network loss). When the user connection is interrupted and ASA does not see any DPDs the "SSL-Tunnel" to
Regards,
Aditya
Please rate helpful posts and mark correct answers.
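The counter check asked for above can be done by comparing two captures of `show vpn-sessiondb detail anyconnect`. The following is an added example, not part of the original thread: it flags sessions that show only AnyConnect-Parent, have Idle TO Left at 0 and whose session byte counters did not change between captures. The sample captures and user names are constructed, and the Protocol line listing further tunnel types for a live session is an assumption.

```python
import re

# Constructed sample captures (not from the thread), trimmed to the fields used.
# Assumption: a session with live tunnels lists them on the Protocol line.
SNAP_1 = """\
Username : user-a Index : 11
Protocol : AnyConnect-Parent
Bytes Tx : 191925 Bytes Rx : 12691
AnyConnect-Parent:
Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes
Bytes Tx : 6631 Bytes Rx : 0
Username : user-b Index : 12
Protocol : AnyConnect-Parent SSL-Tunnel
Bytes Tx : 5000 Bytes Rx : 700
AnyConnect-Parent:
Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes
"""
SNAP_2 = SNAP_1.replace("Bytes Tx : 5000 Bytes Rx : 700",
                        "Bytes Tx : 9000 Bytes Rx : 1200")

def parse(text):
    """Map session Index -> user, protocol list, session-level bytes, idle minutes left."""
    sessions, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*Username\s*:\s*(\S+)\s+Index\s*:\s*(\d+)", line):
            cur = sessions.setdefault(m.group(2), {"user": m.group(1)})
        elif cur is None:
            continue
        elif m := re.match(r"\s*Protocol\s*:\s*(.+)", line):
            cur["protocol"] = m.group(1).split()
        elif m := re.match(r"\s*Bytes Tx\s*:\s*(\d+)\s+Bytes Rx\s*:\s*(\d+)", line):
            # The first Bytes line is the session total; later ones are per tunnel.
            cur.setdefault("bytes", (int(m.group(1)), int(m.group(2))))
        elif m := re.search(r"Idle TO Left\s*:\s*(\d+)\s+Minutes", line):
            cur["idle_left"] = min(int(m.group(1)), cur.get("idle_left", 10**9))
    return sessions

def stale(before, after):
    """Parent-only sessions whose idle timer reads 0 and whose counters did not move."""
    hits = []
    for idx, s in after.items():
        old = before.get(idx, {})
        if (s.get("protocol") == ["AnyConnect-Parent"] and s.get("idle_left") == 0
                and "bytes" in s and s["bytes"] == old.get("bytes")):
            hits.append((idx, s["user"]))
    return hits

if __name__ == "__main__":
    print(stale(parse(SNAP_1), parse(SNAP_2)))
```

Take the two captures with the terminal pager disabled so that the `<--- More --->` breaks do not split a session block.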
10-05-2016 08:04 PM
Hi,
I confirm the client no longer has any packets for RX/TX, because on this client I killed the process in Windows, then Windows restarted and AnyConnect shut down, but the ASA did not clear the session.
My ASA version is 9.5(2)
This ASA has four contexts; in two virtual contexts the sessions disconnect automatically, and the others are not OK.
The ASA with the error is different from the others; only the client goes through a NAT device to the ASA.
The topology is:
client ---- nat device --- ASA