PIX causing telnet through VPN to timeout???

Discussion in 'Cisco' started by Bob Mariotti, Feb 17, 2005.

  1. Bob Mariotti

    Bob Mariotti Guest

    Gentlemen;

    I have a client who had VPNs set up through their routers and their
    remote offices would telnet in through the tunnel. Worked great.

    They have recently installed a Cisco PIX firewall and moved the VPNs
    from the local router to the PIX box. Still works OK.

    However, since that move, idle users at the remote locations are being
    disconnected. They are forced to re-establish their connection and
    login again when this happens. Didn't happen before.

    What is it that the PIX might be doing to cause this? And, what needs
    to be changed to correct this and eliminate the timeout issue?

    Thanks in advance.

    signed: non-cisco technie.
     
    Bob Mariotti, Feb 17, 2005
    #1

  2. In article <1108662985.5ec895206e3ffc408625bb1699a3b3dd@teranews>,
    Bob Mariotti wrote:
    :They have recently installed a Cisco PIX firewall and moved the VPNs
    :from the local router to the PIX box. Still works OK.

    :However, since that move, idle users at the remote locations are being
    :disconnected.

    :What is it that the PIX might be doing to cause this? And, what needs
    :to be changed to correct this and eliminate the timeout issue?

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/tz.htm#wp1026093

    To prevent this from happening, use

    timeout conn 0:0:0

    Note that if a system with an idle connection is rebooted, then
    the system is not necessarily going to smoothly close down all of its
    TCP connections. The result could be inaccessible TCP connections
    left permanently open on the PIX, since the PIX would not know to
    clean up the dead connection if you turn off connection timeouts.
    --
    Pity the poor electron, floating around minding its own business for
    billions of years; and then suddenly Bam!! -- annihilated just so
    you could read this posting.
     
    Walter Roberson, Feb 17, 2005
    #2
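
The trade-off described in the reply above, as an added example that is not part of either post and is not PIX code: a toy connection table in which idle entries are reaped after the `timeout conn` value, and never reaped when it is `0:0:0`. The flow names, the `1:00:00` value and the eight-hour idle period are constructed for illustration.

```python
# Toy model of a stateful firewall connection table (added illustration, not PIX code).
# Flow names and the 1:00:00 value are constructed; times are in seconds.

def parse_timeout(hms):
    """Parse the hh:mm:ss form given to `timeout conn`; 0:0:0 means never expire."""
    h, m, s = (int(p) for p in hms.split(":"))
    if h < 0 or not (0 <= m < 60 and 0 <= s < 60):
        raise ValueError("bad timeout value: %r" % hms)
    return h * 3600 + m * 60 + s

class ConnTable:
    def __init__(self, conn_timeout):
        self.idle_limit = parse_timeout(conn_timeout)  # 0 disables idle reaping
        self.last_seen = {}                            # flow -> time of last packet

    def open(self, flow, now):
        self.last_seen[flow] = now

    def close(self, flow):
        # FIN/RST seen: entry is removed regardless of the idle timer.
        self.last_seen.pop(flow, None)

    def sweep(self, now):
        if self.idle_limit == 0:
            return  # timeouts off: nothing is ever reaped
        for flow in [f for f, t in self.last_seen.items() if now - t > self.idle_limit]:
            del self.last_seen[flow]

    def packet(self, flow, now):
        """Mid-session packet. False means the entry was already reaped,
        which the user experiences as a dropped session."""
        self.sweep(now)
        if flow not in self.last_seen:
            return False
        self.last_seen[flow] = now
        return True

def scenario(conn_timeout):
    table = ConnTable(conn_timeout)
    table.open("idle-user", 0)        # logs in, then sits idle
    table.open("rebooted-host", 0)    # host reboots later, never sends FIN/RST
    table.open("clean-logout", 0)
    table.close("clean-logout")       # normal exit
    later = 8 * 3600                  # eight silent hours
    survived = table.packet("idle-user", later)
    return {"idle_user_survives": survived, "entries_left": sorted(table.last_seen)}

if __name__ == "__main__":
    for value in ("1:00:00", "0:0:0"):
        print(value, scenario(value))
```

With the finite value the idle user's entry is gone when the next keystroke arrives; with `0:0:0` the session survives, and so does the entry for the host that rebooted without closing its connection.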
