1301 Views | 0 Helpful | 15 Replies

Telnet thru pix520 to AIX host disconnects when idle

annmarie.harper
Level 1

I have a PIX 520 running IOS 6.2.4. We have this doing a site-to-site tunnel. The tunnel is not going down, but the complaints that I am getting are that if a user is idle for more than 1 hour they are getting disconnected from their application server, which is the AIX. Now I have already changed the time-out connection from 1 hour to 8, and I have also changed the half-closed to be 8 hours. I have saved the config once the changes were made, yet I am still getting the disconnects. Any ideas?

15 Replies

ciscokrishna
Level 1

You might as well check the application end on the AIX server. It might be having an idle timeout.

I have checked that first. They actually use a telnet session using Procomm to get to the Unix box. I have also checked the software to see if there was anything there that was causing this.

They used to be connected by ADSL to a hub site and frame to their host; when it was set up that way there was no issue.

They can be idle for hours and hours without the disconnect.

Now the only thing I did not do was reboot the firewall; I did save the config though. You don't think that I need to reboot the darn thing, do you?

I have also discovered something else. When the users are being disconnected, the firewall still shows the connections as up and being idle for some period. Again, any ideas?

Allo Ann-Marie,

1) Is there a third party involved in the telnet session? If the answer is yes, you should check what idle-timeout is set on that device. The PIX must have a longer idle-timeout than all other devices.

2) You may also put a sniffer on to check for a connection FIN flag from the hosts. This will prove the error isn't in the PIX but comes from the application running on the device.

Michel

mpalardy
Level 3

Sorry, forget my last reply. I've re-read your problem description and noticed you were using a tunnel. OK, when you do a "show isakmp sa" and "show ipsec sa", do you get any error on the tunnel itself?

ciscokrishna
Level 1

Hey,

I don't think this is a problem with the tunnel. Anyway, you can check the logs for tunnel issues, but you'll find only the renegotiation (if happening) or translation logs. In your post, you said something like you used an ADSL connection to the hub site and then to the server and there were no issues with that. This shows that it might be a problem of connectivity from the client end. I don't think the PIX has got anything to do with this. Anyway, it would be helpful if you check the logs and the application end. By the way, what are you using to telnet? PuTTY or Tera Term?

Appreciate your comments.

They use Procomm 4.8, which I also have on my laptop, and I have gone through everything to see if there is an idle timeout or anything like that on Procomm and there isn't. And when they were on their private network they did not get disconnected when they were idle. This only started when we took over their network.

ebeekman
Level 1

Are all the users disconnected at the same time? Or is each user disconnected at a different time?

If they are all disconnected at the same time, it could be a VPN timer issue. You can see this when you turn on VPN debugging.

Otherwise it could be a connection issue from the client to the AIX.

Edwin

No, it is only users that are away for over 1 hour.

dpatel
Level 1

I have the same problem. Spent weeks and no solution from Cisco either.

OK, to check if this is really a VPN issue, the client can do a ping with the "-t" option (in Windows) and go away from the computer. You can even use a redirection (>) to send it to a file (I understand it eats up HDD, but it's OK for testing). After some time, check the file. If there is a continuous "no response" for more than 10-15 pings, you can doubt the VPN.

I have the same problem, but it is a firewall issue, not a VPN issue. We moved a site that worked fine off a T-1 to a gig fiber connection coming through an FWSM, and we started getting these errors on emulator connections to the AIX box. Three emulators later and the same error occurs. I have changed the timeouts on the FWSM PIX but no luck. I hope this thread is kept up. I could use some help on this one also.

I was thinking the NAT timeout was the issue, but that is not the case. Does anyone have a case with TAC and might have some solutions? Because I used not only third-party applications but also PuTTY to keep sending null packets all the time, and it's the same issue.

No luck on other websites either.

I have a similar situation. Using a PIX 501 with a VPN tunnel to a WatchGuard Firebox 1000. PCs are using AccuTerm, but I have also used HyperTerminal and Eterm with the same result. Here is what I have found so far. I also have Wyse terminals connected through terminal servers which do not lose connectivity. PCs only lose the connection if there is no activity on the connection to the AIX. The problem only started when I introduced the PIX/VPN connection and happens at all 5 of my sites now. If I set the terminal emulator to access the AIX directly, i.e. use NAT/PAT on the Firebox with a telnet port to the IBM, the problem is resolved; however, this little security-breach fix is unacceptable. I also have 2 sites that do not have PIX units which do not have this problem.