12-18-2012 12:28 AM
Hello!
I am trying to figure out what is going on with TCP sessions on the ASA when a VPN client that participates in one disconnects and then reconnects again. It seems that the ASA doesn't delete this TCP session from the conn table. Instead it waits for the next packet within this connection, drops it with the reason "Tunnel has been torn down", and then deletes the session from the conn table. So, is there any way to force it to clear the TCP session immediately if the client disconnects, or not to drop it after reconnection?
12-18-2012 08:32 AM
Do the users disconnect the client themselves, or does the VPN connection just drop and then you face this TCP issue?
12-18-2012 08:48 AM
Also try configuring DCD, hope it helps:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s1.html#wp1429883
12-18-2012 10:34 AM
We are working on it now, but it seems not to be working for an unknown reason. I don't have access to the device, I just consult my client. Is there any verification and debugging advice for this feature? I have not found any.
12-19-2012 08:57 AM
I will look into any valid proof if I have it, but reading the description, it seems to solve the issue.
12-18-2012 10:32 AM
We face this issue when the VPN tunnel drops. But even if the VPN connection closes gracefully, the ASA still keeps the connection in its conn table but restricts reuse of it.