02-06-2007 10:01 AM - edited 03-09-2019 05:21 PM
I have several site-to-site VPNs created with an ASA5520 at my office with Cisco 871s in the field. The remote sites connect through the VPN for email and connecting to a UNIX box using a terminal emulator. In many instances, these IPSEC tunnels terminate at the remote sites across a T1 internet circuit.
Users in the remote sites will lose connectivity to the unix box a few times a day but the VPN remains solid because not all users are kicked off. Only random users and usually those who walk away from their PC to get a product in the warehouse for the customer.
Cisco has had me add a sysopt connection tcpmss command on the ASA and appropriate commands on the routers. However, this did not resolve my issues.
Again, these are IPSEC tunnels and this problem only occurs in some locations. Other locations, with the same VPN configuration, have no problems. It appears to be an issue with certain ISPs only.
Any help would be appreciated. Thanks.
02-06-2007 01:50 PM
Is this an ssh connection to unix boxes? Could just be an idle timeout on the ssh connection.
02-06-2007 04:50 PM
No, this is not an ssh connection. It is a telnet-based connection. And, the client has no timeout setting that can be configured.
02-06-2007 05:39 PM
Ok, well same difference. Look for a timeout on the server side. The reason I suggest this is because you say it happens when people walk away into the warehouse, therefore leaving an idle session.
02-07-2007 05:08 AM
Looking for timeouts everywhere was the first thing we did. What compounds the problem is that many locations with tunnels are not affected. Only about 20 out of 160 locations have this problem. And, if we move the tunnels to terminate on our VPN3005 concentrator, we have no problem at all. But, we want to use the ASA (support for 750 tunnels).
02-07-2007 07:24 PM
I had a similar problem with one of our site to site tunnels. I had to increase the SA lifetime from 2 hours to 12 hours and the Telnet sessions seemed to work fine after that. Initially we thought the issue was with session timeouts but clearing the tunnel always fixed it.
hope this helps.
Ankit
02-08-2007 05:06 AM
I don't see where this can be configured on my router or on my ASA. If it is an IKE configuration, that command doesn't seem to be available on my Cisco 871 router.
02-08-2007 12:40 PM
crypto map outside_map 60 set security-association lifetime seconds 43200
This command is available on the ASA. You can also configure this using the ASDM.
02-08-2007 12:48 PM
Now that you mention the particular command, this is something that I have tried before without success. I actually ran the time up to 99+ hours. Still, although the tunnel stays up, individual telnet user sessions drop. That remains the problem. All this said, I'll try this command again on a few of my tunnels. I probably won't make the change now until over the weekend.
02-08-2007 01:19 PM
Make sure the lifetimes match on both ends.
02-08-2007 01:28 PM
Good point! I didn't think of that. I'm working an odd shift tomorrow so I'll give that a try early tomorrow morning. Thanks.
02-21-2007 07:47 AM
FINALLY - This resolved my issue. I've moved several locations that were having problems back to the ASA with the synchronized SA lifetime seconds and I haven't had a complaint in several weeks. Thanks!
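The fix in this thread was to make the IPsec SA lifetime identical on the ASA and on each 871. The script below is an added example, not from the thread or from Cisco: it pulls the per-crypto-map-entry lifetime out of a saved ASA config and a saved IOS config (falling back to the global `crypto ipsec security-association lifetime seconds` line, or to an assumed platform default of 28800 s for ASA and 3600 s for IOS) and reports whether the two ends of a tunnel agree. The configs and peer addresses are constructed sample data.

```python
import re

# Assumed platform defaults when neither a global nor a per-entry lifetime is set.
ASA_DEFAULT = 28800
IOS_DEFAULT = 3600

# Constructed sample configs (not taken from the thread); addresses are documentation ranges.
ASA_CONFIG = """
crypto ipsec security-association lifetime seconds 28800
crypto map outside_map 60 match address outside_60_cryptomap
crypto map outside_map 60 set peer 203.0.113.60
crypto map outside_map 60 set security-association lifetime seconds 43200
crypto map outside_map 70 set peer 203.0.113.70
crypto map outside_map interface outside
"""

IOS_CONFIG = """
crypto ipsec security-association lifetime seconds 3600
crypto map vpn 10 ipsec-isakmp
 set peer 198.51.100.1
 set security-association lifetime seconds 43200
crypto map vpn 20 ipsec-isakmp
 set peer 198.51.100.2
"""

GLOBAL_RE = re.compile(r"^crypto ipsec security-association lifetime seconds (\d+)")
ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+)\b")
SETTING_RE = re.compile(r"set security-association lifetime seconds (\d+)")


def sa_lifetimes(config, platform_default):
    """Return {(map_name, seq): lifetime_seconds} for every crypto map entry.

    ASA writes the setting on the same line as the map entry; IOS indents it
    beneath the 'crypto map <name> <seq> ipsec-isakmp' line.  Entries with no
    explicit value inherit the global line, or the platform default.
    """
    entries, current, default = {}, None, platform_default
    for line in config.splitlines():
        g = GLOBAL_RE.match(line)
        if g:
            default = int(g.group(1))
            continue
        e = ENTRY_RE.match(line)
        if e:
            current = (e.group(1), int(e.group(2)))
            entries.setdefault(current, None)
        elif not (current and line.startswith(" ")):
            continue
        s = SETTING_RE.search(line)
        if s:
            entries[current] = int(s.group(1))
    return {k: (v if v is not None else default) for k, v in entries.items()}


def lifetimes_match(hub_cfg, spoke_cfg, hub_entry, spoke_entry):
    """Compare one ASA crypto map entry against its IOS counterpart."""
    hub = sa_lifetimes(hub_cfg, ASA_DEFAULT)[hub_entry]
    spoke = sa_lifetimes(spoke_cfg, IOS_DEFAULT)[spoke_entry]
    return hub == spoke, hub, spoke
```

Run it against the output of `show running-config` from both ends; a mismatch is exactly the condition the thread found behind the dropped telnet sessions.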