Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3054
Views
1
Helpful
7
Replies

AnyConnect timeout on iPad, iPhone, iPod

MikeM-2468
Level 1
Level 1

‎04-19-2011 07:39 AM - edited ‎02-21-2020 05:17 PM

I've got AnyConnect running on the ASA 5510.  I've set an idle timeout on the VPN group that I use for i devices.  This timeout doesn't seem to be getting applied.  I power on the device, connect the VPN and leave it sit and it never disconnects.  Is there something I can check?

Labels:
0 Helpful
7 Replies 7

andamani
Cisco Employee
Cisco Employee

‎04-20-2011 07:21 AM

Hi,

You can try running the wireshark on the client and see if there is no traffic and it is actually sitting idle or not. you can also apply captures on the ASA and check.

hope it helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved.Do rate helpful posts.

0 Helpful

MikeM-2468
Level 1
Level 1

‎04-20-2011 07:21 AM

After speaking with Cisco support, it appears that something is passing traffic and keeping the VPN alive.  Captures on the inside in

terface of the ASA show no traffic from the device.  Captures on the outside interface show traffic to port 443 from the device to the ASA.  Can I get more detailed captures so that I can see what type of traffic is being sent?  Maybe something that will show me the destination IP of the packets?

0 Helpful

andamani
Cisco Employee
Cisco Employee
In response to MikeM-2468

‎04-20-2011 08:55 AM

Hi,

I would suggest apply bidirectional captures.

access-list capi permit ip

access-list capi permit ip

capture capin access-li capi interface inside buffer 33554430.

you can check the captures on the ASA by "sh cap capin". if you want more detail of the packets. you can check the capture in the pcap format.

https:///capture/capin/pcap

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

MikeM-2468
Level 1
Level 1
In response to andamani

‎04-20-2011 08:58 AM

The captures on the inside interface show 0 packets.  Captures on the outside interface show packets hitting the outside interface on port 443, but nothing else.

0 Helpful

MikeM-2468
Level 1
Level 1
In response to andamani

‎04-21-2011 06:08 AM

On further analysis, I see the same packets hitting the outside interface of the ASA even while the inactivity timer is going up.  It doesn't look like those packets are keeping the connection alive.  There must be something else going on.

0 Helpful

AdrianCOP
Level 1
Level 1
In response to MikeM-2468

‎11-20-2012 04:42 PM

Hi Mike,

Over a year later but we apparently have the same issue you were seeing.  Did you figure out what the problem was that was stopping the VPN from tearing down? 

We see this intermittently on our iPhones and iPad’s, although it seems to crop up pretty regularly.

A

0 Helpful

MikeM-2468
Level 1
Level 1
In response to AdrianCOP

‎11-21-2012 05:31 AM

No.  I gave up.  There was no real user impact.

0 Helpful
Customers Also Viewed These Support Documents