Hi,
The dead peer detection with IPsec clients works very well on our ASA 5520. In contrast to this, DPD does not work when AnyConnect clients lose their SSL-VPN connection (e.g. when their LAN cable is unplugged). Although we set the appropriate settings, even 20 minutes after unplugging the client's cable the ASA tells us that the connection is still there. The settings are:
group-policy SSLVPN_GROUP_POLICY attributes
 dns-server value x.x.x.x
 vpn-idle-timeout 30
 vpn-session-timeout 1440
 vpn-tunnel-protocol svc webvpn
 webvpn
  url-list value xxx
  svc dpd-interval gateway 10
  svc ask enable default svc timeout 10
Is there anything wrong with the settings?
Which settings should basically be in the config to activate DPD/keepalive on SSL-VPN connections?
Thanks in advance!
Marco