VPN seesion problem.

sateeshk10 · ‎04-13-2009

Hi,

I have a site to site VPN configured which is working fine. But i have small issue..

Database servers are suituated at both the locations and always session to be establised. it should not disconnect.

But here its getting disconnect every one hour and restablising the same. Due to which i am lossing some repoerts etc..again they to restablish...

I have configured the lifetime as 86400sec.

Is there anyway which i can increase the conn timeout to infinity?

DB-FW-----FW--DB

Regards

sateesh

Ivan Martinon · ‎04-13-2009

Do you see the tunnel bouncing when the application does? What are the vpn peers? ASA IOS routers?

sateeshk10 · ‎04-13-2009

Hi,

Tunnel is fine. only DB server session getting disconnect.

PIX 525 - 7.2(4) --A

PIX 525 - 6.3(3) -- B

One more thing both the ends connection limit is 1hr.I hope if i increase the conn limit it may resolve the issue.

Any suggestions are welcome..

Regards

sateesh

Ivan Martinon · ‎04-13-2009

So then your problem is not with SA's being deleted hence no need to adjust the lifetime, your problem might lie on TCP idle connection, what is the setup for the connection timeouts on your firewalls? is the default set to 1 hour? Does this connection (DB) remains active or idle?

sateeshk10 · ‎04-13-2009

Hi,

I am also suspecting the same. By default idle conn timeout is 1hr.

My db conn reamin in idle mode.

Now i am correlating the same. Instially I planning to check for DB session 1hr idle . After that again I will try for DB session 30min idle timeout. So that we will come to know that if it is getting disconnect every 1hr then we can suspect conn idle time.. if it is getting disconnect at 30 min means..we need look into other perameters.

I appreciate your prompt responses..

Regards

sateesh