Seem 4.1.1.01 still have not slove the connection drop problem.

Telnet and database idle connection dropd around 30 mins. If I disable the SPI firewall function, all connection fine.

Hey

any ideas or fix that you've seen ?

I had Contact with cisco eng'r, they manual change the router setting(not show in web based,only cisco can change this).

then my drop connection problem sloved.

They reply the next version FW will fix this.

but release date not confirm.

Can you tell me exactly where to call and/or who/what to ask for?

Thanks in advance.

Sorry, I do not know.  Joe So, who did you call ?

Thanks

I had conact with cisco online support and they send me a email follow up.

they help me change the router setting and I tested work fine.

I replied them asking the new version FW release date.

but not yet received reply.

Hello Joe,

The connection drop issue you have reported is not an issue with the device rather it is a security feature on the firewall. Typically, every firewall closes the idle TCP connections after a set time (TCP idle timeout value) to prevent TCP based attacks. This will also help in freeing up the resources at the router (This is a normal Stateful Packet Inspection firewall functionality). When SPI is disabled, the firewall stops monitoring the connections thereby allowing long TCP connections even when the connection is idle. However, that opens up the firewall for attacks from the internet.

At this time, we do not have any knowledge of a firmware that would change this behavior. If you would like any further details, please feel free to contact the SBSC and have them elaborate on this topic. If need be, please feel free to request them to escalate the Service Request so one of our L2 Engineers can provide further explanation.

Hope this helps.

Regards,

Nagaraja

Dear Nagaraja

Thanks your reply.

As the Engineer contacted with me.

He help change the TCP time out value on my routers, and let me test the result.

But we have many RV042 V1, do not have the drop connection report.

Only happens on V3 hardware. we must to fix this, I think any connection through VPN shuold be like local network connection, right?

Rgds

Joe

Hey NagaraJa

You are incorrect.  I think we all understand SPI in this thread.

If you read my original post, you'll see that the problem arose with the new V3 boxes.

I have about 20 or more of the older model maintaining gateway to gateway tunnels with SPI turned on.  These tunnels don't drop unless there is a line outage on one side or the other.

Upon further testing, we see that the tunnels will drop between 58 and 59 minutes of inactivity or low activity.

You must mean then, that SPI never worked on the older models right ?

This makes this product unusable for gateway to gateway tunneling.

Please don't add meaningless posts to the thread.  We need a fix from Cisco on this.

Hello Jor,

If you read my response, I was addressing Joe's question about idle connections dropping out through the VPN tunnel. That is due to the SPI functionality. The tunnel dropping after inactivity is a different issue and Te-Kai has attempted to answer that question earlier. If that issue is still unresolved, please feel free to contact SBSC and request assistance.

Hope this helps.

Regards,

Nagaraja

Is it normal the SPI firewall Inspect connection through VPN, and drop idle session?

How comes a safety private network connection can be drop?

You wrote in an earlier post that a Cisco engineer fixed the problem for you.  Can you give me a name or a technical support reference noumber?  I think I need the same fix, but my SBSC contact does not seem to be able to track down this patch.  Thank you.

That only a temporary fix on the router.after u factory reset the router still same.

they have not create a case for check my case reported.

I have no idea why a SMB devices can wrong inspect connection session allowed by firewall, and make it drop.