WebVPN disconnecting

Discussion in 'Cisco' started by braydonsdad@gmail.com, Sep 4, 2009.

  1. Guest

    Remote VPN clients are disconnecting after several hours and I have to
    reboot ASA to reconnect:

    Here is the config

    ASA Version 7.2(4)
    !
    hostname atl-c5505-UL-unitedcred01
    domain-name avisiontechnologies.com
    enable password UsGnrewo07Cq.HHs encrypted
    passwd tlaCNFr3TmmDGvm/ encrypted
    names
    !
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.254.254 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    ip address 97.66.57.130 255.255.255.248
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    ftp mode passive
    dns server-group DefaultDNS
    domain-name avisiontechnologies.com
    access-list aclOUTSIDE extended permit icmp any any echo-reply
    access-list aclOUTSIDE extended permit icmp any any unreachable
    access-list aclINSIDE extended permit ip 192.168.254.0 255.255.255.0 any
    access-list aclNONAT extended permit ip 192.168.254.0 255.255.255.0 172.16.3.0 255.255.255.0
    access-list aclNONAT extended permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list aclNONAT extended permit ip 192.168.254.0 255.255.255.0 host 138.33.6.184
    access-list aclNONAT extended permit ip 192.168.254.0 255.255.255.0 host 138.33.6.185
    access-list aclTOG extended permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list aclTOG extended permit ip 192.168.254.0 255.255.255.0 host 138.33.6.184
    access-list aclTOG extended permit ip 192.168.254.0 255.255.255.0 host 138.33.6.185
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool poolUCVPN 172.16.3.1-172.16.3.30
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list aclNONAT
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group aclINSIDE in interface inside
    access-group aclOUTSIDE in interface outside
    route outside 0.0.0.0 0.0.0.0 97.66.57.129 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    http server enable
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set setVPN esp-des esp-md5-hmac
    crypto ipsec transform-set setTOG esp-aes-256 esp-sha-hmac
    crypto dynamic-map dynmapVPN 30 set transform-set setVPN
    crypto map mapVPN 2 match address aclTOG
    crypto map mapVPN 2 set peer 65.206.5.162
    crypto map mapVPN 2 set transform-set setTOG
    crypto map mapVPN 10 ipsec-isakmp dynamic dynmapVPN
    crypto map mapVPN interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 11
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto isakmp nat-traversal 20
    telnet timeout 5
    ssh 192.168.254.0 255.255.255.0 inside
    ssh 68.166.6.24 255.255.255.248 outside
    ssh 69.25.95.0 255.255.255.224 outside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    dhcpd dns 205.152.37.23 205.152.132.23
    dhcpd ping_timeout 750
    dhcpd domain unitedcreditsystems.com
    !
    dhcpd address 192.168.254.1-192.168.254.128 inside
    dhcpd enable inside
    !

    webvpn
    enable outside
    group-policy vpnUCRemote internal
    group-policy vpnUCRemote attributes
    vpn-idle-timeout 1440
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value aclNONAT
    username united password ZMpvczAGlj2iP.An encrypted
    tunnel-group vpnUCRemote type ipsec-ra
    tunnel-group vpnUCRemote general-attributes
    address-pool poolUCVPN
    default-group-policy vpnUCRemote
    tunnel-group vpnUCRemote ipsec-attributes
    pre-shared-key *
    tunnel-group 65.206.5.162 type ipsec-l2l
    tunnel-group 65.206.5.162 general-attributes
    tunnel-group 65.206.5.162 ipsec-attributes
    pre-shared-key *
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    prompt hostname context
     
    , Sep 4, 2009
    #1

  2. No Name Guest

    Artie Lange <> wrote in news:h7rbgb$gs7$1@posting.glorb.com:

    > wrote:
    >> Remote VPN clients are disconnecting after several hours and I have to
    >> reboot ASA to reconnect:
    >>

    [...]
    >
    > Try extending the timeout value, this is in seconds.
    >
    >

    I did this, and it still didn't fix the issue. It's a memory issue that got
    fixed in Version 8.2. I'd suggest an upgrade. Seems to have done the
    trick for me.
     
    No Name, Sep 5, 2009
    #2
