Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
8066
Views
5
Helpful
17
Replies

VPN session Timeouts

Go to solution
james.king14
Level 1
Level 1

‎03-17-2020 01:10 PM

I have many users that timeout once connected to VPN.  These have shown that from 2 to 34 minutes the connection will drop.  Yet when I look in the configuration of the ASA it shows:

 

group-policy GroupPolicy_unameit-VPN attributes
wins-server none
dns-server value 195.195.195.242 195.195.195.243
dhcp-network-scope 195.195.195.0   " There is not DHCP scope for servers they are static"
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout 720
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
default-domain value unameit.gov
address-pools value unameit-VPN

webvpn
url-list value Web-Based-Applications
filter none
anyconnect ask none default anyconnect
customization value unameit-Logo
url-entry enable
dynamic-access-policy-record unameit-VPN
description "CAC for VPN users"
priority 1

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
james.king14
Level 1
Level 1
In response to balaji.bandi

‎03-18-2020 12:06 PM

I rechecked the sessions and we found that simultaneous Logins was set to a
low number now we set to a higher than expected number and it seems to
work. At least for more than 34 minutes


View solution in original post

0 Helpful
17 Replies 17

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni

‎03-17-2020 01:15 PM

change your vpn-idle-timeout to 60 or 120 min.

please do not forget to rate.
0 Helpful

Go to solution
james.king14
Level 1
Level 1
In response to Sheraz.Salim

‎03-17-2020 01:32 PM

Thanks the user is still working, they would be actively working when the
session would disconnection.
0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎03-17-2020 01:16 PM

Hi,
Does this affect all users connected to the VPN at the sametime? This might indicate an issue with the ASA connection/configuration.

If not the issue could be local to the users (computer or ISP), if you run DART on the local computer and have a look at the logs.

HTH
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-17-2020 01:16 PM

as per the config 

 

you have set idle time out 30min and 720min (session to drop either idle or acive)

 

the disconnection has other reasons.

 

1. check the logs and see you can find any reasons.

2. this could ISP or DSL or client side connection issue also.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
james.king14
Level 1
Level 1
In response to balaji.bandi

‎03-17-2020 01:37 PM

I would be inclined to agree with you on that part but we ran a wireshark instance and found more fun problems.  But this week the server group reloaded all server and now everything times out from 2 minutes to about half a minute.

VPN errors.txt
Preview file
8 KB
0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to james.king14

‎03-17-2020 01:53 PM - edited ‎03-17-2020 01:54 PM

whats the anyconnect version you running?

and what is the ASA code?

 

Is it happen with a wired or a wireless connection? Also is it possible for you to upgrade a newer Anyconnect version and test?

please do not forget to rate.
0 Helpful

Go to solution
james.king14
Level 1
Level 1
In response to Sheraz.Salim

‎03-18-2020 05:10 AM

Good Morning,

I am running AC 4.6.01

And ASA code 9.8.3
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to james.king14

‎03-18-2020 05:32 AM

As long as ASA and Any connect concern it was stable and latest as per i know.

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect46/release/notes/b_Release_Notes_AnyConnect_4_6.html

 

Since you were mentioned due to some other department have recently changed something, is this authentication against LDAP/AD ?

 

or is there any uodate on end device like windows 10 ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
james.king14
Level 1
Level 1
In response to balaji.bandi

‎03-18-2020 06:01 AM

We are using only windows 10 devices and our authentication is AD. We are
not allowed to use LDAP anymore.
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to james.king14

‎03-18-2020 06:22 AM

check the debug Logs at ASA side also by take one user to understand.

 

check / Monitor  your WAN/Internet Bandwidth, Make sure it was not overloaded due to the situation around.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
james.king14
Level 1
Level 1
In response to balaji.bandi

‎03-18-2020 07:10 AM

I have been looking at the WAN/LAN connections and monitored the bandwidth. No high usage at this time.  I have the debug logs and nothing stands out?

0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to james.king14

‎03-18-2020 08:04 AM

worth trying upgrade the AC to 4.7 or 4.8

please do not forget to rate.
0 Helpful

Go to solution
james.king14
Level 1
Level 1
In response to Sheraz.Salim

‎03-18-2020 08:39 AM

I did and had to back to 4.6. It made the problem worse!

Once the VPN drops the user it give and error message.
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to james.king14

‎03-18-2020 09:08 AM

i would like to look what % of users having this issue, if all the users, something definatly wrong at head end, this may required some reboot of the ASA and Enable debug more granular to look the problem.

 

if only less users i may suspect far end internet connection due to market trends most of the ISP and internet links are going saturated also.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Top