Hung Remote Access Connections

vpoon87 · ‎01-09-2013

Hi all,

A lot of times our users will have a bad connection from where they are connecting in from. Their Internet connection will drop and the VPN Client disconnects but on our Cisco ASA5520, the connection will still be connected and when their Internet connections comes back, they are not able to connect as the session is still up on the 5520. Is there a way to make the connection clear quicker? I have IKE Keepalives on the RA Profile (Confidence 300 seconds, Retry Interval 2 seconds) but it seems to keep the session longer than that. Is there anything I can do to make the connection clear quicker?

Thanks

Victor

Jouni Forss · ‎01-09-2013

Hi,

I haven't tried this myself but you could have a try at setting the "vpn-idle-timeout " either under the ASA LOCAL username attributes or the VPN group-policy on the ASA and see if that has some effect to this.

- Jouni

Andrew Phirsov · ‎01-09-2013

If you've applied that DPD parameters to correct group-policy/users connections will time out correspondingly. For your environment i think that it worth to shorten DPD settings to threshold 10 and retry 2 (as min as possible) due to flapping internet connections on client sites. Plus, as said in previos post, u can set vpn-idle-timeout to some minutes, but it's not technically related to your problem.