We have a time-out problem with our VPN clients. After 15 minutes of inactivity the connection is closed. We have a PIX 515 and use the cisco VPN clients. Any help or suggestions will be great.
Thanks!
This is our configuration:
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:30:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server AuthIn protocol tacacs+
aaa-server AuthIn (inside) host 92.0.0.44 xxxxxxxx timeout 10
aaa authentication telnet console AuthIn
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 92.0.0.161 /pixfirewall
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 20 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication AuthIn
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup WNLR address-pool bigpool
vpngroup WNLR split-tunnel nonat
vpngroup WNLR idle-time 1800
vpngroup WNLR password ********
telnet 92.0.0.161 255.255.255.255 inside
telnet 92.0.0.5 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
terminal width 80
Thanks!
This is our configuration:
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:30:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server AuthIn protocol tacacs+
aaa-server AuthIn (inside) host 92.0.0.44 xxxxxxxx timeout 10
aaa authentication telnet console AuthIn
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 92.0.0.161 /pixfirewall
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 20 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication AuthIn
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup WNLR address-pool bigpool
vpngroup WNLR split-tunnel nonat
vpngroup WNLR idle-time 1800
vpngroup WNLR password ********
telnet 92.0.0.161 255.255.255.255 inside
telnet 92.0.0.5 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
terminal width 80
