I am trying to figure out what happens to TCP sessions on the ASA when a VPN client that participates in them disconnects and then reconnects. It seems that the ASA doesn't delete the TCP session from the conn table. Instead, it waits for the next packet within this connection, drops it with the reason "Tunnel has been torn down", and then deletes the session from the conn table. So, is there any way to force it to clear the TCP session immediately when the client disconnects, or not to drop it after reconnection?
Do the users disconnect the client themselves, or does the VPN connection just drop and then you face this TCP issue?
Also try configuring DCD, hope it helps:
We are working on it now, but it seems not to be working for an unknown reason. I don't have access to the device; I just consult for my client. Is there any verification and debugging advice for this feature? I have not found any.
We face this issue when the VPN tunnel drops. But even if the VPN connection closes gracefully, the ASA still keeps the connection in its conn table but restricts reusing it.