Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1129
Views
0
Helpful
2
Replies

Cisco ASA VPN Session Time

UniWAQ
Level 1
Level 1

‎07-12-2016 02:34 PM

Hi Team, 

I deployed ASA for VPN Services , but I am facing problem that VPN Session will be disconnected in 2 3 times . I want that this session will never be disconnected or expired. Is this possible that if disconnected it will automatically connected again .  

Is any message I can configure when VPN Connection disconnected to show some infromation to VPN Users . Please see the attached configuration for VPN Session. 

Thanks in advance.

Labels:
Preview file
47 KB
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎07-13-2016 07:54 PM

Does the client say it is disconnecting because of maximum or idle time?  if may be that the users Internet connection is not stable enough to maintain a long connection.

Just set those values high, such as 86400 (24 hours) in the screen shot you attached.

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎07-13-2016 09:42 PM

Hi,

As per your config you are using Anyconnect VPN.

AnyConnect will attempt to reconnect if the connection is disrupted. This is not configurable, automatically. As long as the VPN session on the ASA is still valid and if AnyConnect can re-establish the physical connection, the VPN session will be resumed.

The reconnect feature continues until the session timeout or the disconnect timeout, which is actually the idle timeout, expires (or 30 minutes if no timeouts are configured). Once these expire, you should not continue because the ASA will have dropped the VPN session. The client will continue as long as it thinks the ASA still has the VPN session.

AnyConnect will reconnect no matter how the network interface changes. It does not matter if the IP address of the Network Interface Card (NIC) changes, or if connectivity switches from one NIC to another NIC (wireless to wired or vice versa).

You need to check the reason why this is happening in first place.

Try checking the syslogs on the ASA, there is a known issue with Anyconnect MTU issue:

https://supportforums.cisco.com/discussion/11802006/anyconnect-client-reconnects-after-1-minute

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful
Customers Also Viewed These Support Documents