    Netgate Discussion Forum

    Cisco AnyConnect VPN client loses connection to ASA box

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • asigurds

      Testing pfSense 2.0RC1 at home and have so far run into one problem (had the same problem with pfSense 1.2.3).

      I'm using Cisco AnyConnect V 2.5.1025 VPN client, on a Windows 7 machine, to connect to a Cisco ASA box at work.
      After a couple of minutes of inactivity, the VPN client loses connection to the ASA box, and I have to select disconnect from the AnyConnect client and then connect again. If I make sure there is constant traffic between my PC and the ASA box, the connection stays up.
      Is there some configuration item I might have overlooked?

      This was working fine with my previous router/firewall.

      • jimp Rebel Alliance Developer Netgate

        If it's using UDP, you may want to go to Firewall > Advanced and set the firewall optimization to "conservative" which should keep states longer.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • Cino

          I have the same problem when I VPN into my work's Cisco ASA box also. Never thought of changing the firewall optimization to "conservative". I'll have to try that…

          What I did to keep my connection up: I would ping a server on the other end of the tunnel (ping -t xxx.xxx.xxx.xxx). This has kept my VPN connection up for a whole weekend...

          @jimp, correct me if I'm wrong here: I'm thinking the other routers/firewalls are probably stateless firewalls, which would keep the connection up. pfSense being a stateful firewall, states will time out at some point.

          • jimp Rebel Alliance Developer Netgate

            Most other firewalls are stateful these days, especially if they do NAT.

            It may just be that they have a lot longer timeout.

            • asigurds

              @jimp:

              If it's using UDP, you may want to go to Firewall > Advanced and set the firewall optimization to "conservative" which should keep states longer.

              A very belated thank you, it worked like a charm.
              For those (like me) who have to hunt around in the menus, the exact path is: System > Advanced. Select the "Firewall/NAT" tab and modify "Firewall Optimization Options".
