Firewall / vpn timeout


  • Creator
    Topic
  • #47860
    Anonymous
    Participant

    Hi all,

    We have a problem with a firewall cutting off a connection if the interface is idle for an extended period.  We have the timeout on the firewall set up to its max of 24 hours. Unfortunately, this does not handle weekends, when the ancillary system has almost no volume.

    We are considering sending a ZPI message every few minutes to keep the connection alive.  This ZPI would be ignored by the downstream system.

    I thought someone once talked about a PDL that would take care of this issue at the TCP layer rather than my application layer solution.  Any info or suggestions greatly appreciated.

    Thanks.

  • Author
    Replies
    • #56926
      Daniel Lee
      Participant

      When we were having this problem, our network guy just had Nagios send a ping every 15 minutes to keep the VPN tunnel up.  This seemed to work fine.

    • #56927
      Michael Hertel
      Participant

      This is from the archive:

      The author is Mike.Golovach@vtmednet.org

      If you’re on AIX, this is the solution. It sure saved me a lot of heartache.

      >>>>>>>>

      We had this same problem and I tried everything including letting an alert create a keep alive message. But the vendor would not agree to doing the same thing on their end of the interface for their outbound thread … which was a good thing. It forced me to keep digging.

      The issue was that our TCP/IP (AIX 5.2) was configured with all of the default timeout values. The TCP_keepidle parameter needed to be set to an interval shorter than the Cisco timeout value. We set ours to 3600 and the problem was solved.

      Michael

      >>>>>>>>
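
An added example, not part of the original thread or the archived post: the same TCP-layer keepalive idea applied per socket on Linux in Python, instead of as a system-wide tunable. The function name, the `margin`, `interval_s` and `probes` defaults, and the 7200-second firewall timeout are assumptions for illustration.

```python
import socket

LINUX_MAX_KEEPIDLE_S = 32767  # Linux rejects larger TCP_KEEPIDLE values


def enable_keepalive(sock, firewall_idle_s, margin=0.5, interval_s=30, probes=4):
    """Enable TCP keepalive so the first probe goes out well before a
    stateful firewall's idle timeout (firewall_idle_s, seconds) expires.

    Returns (idle_s, dead_peer_detect_s) as read back from the socket.
    """
    if firewall_idle_s < 2:
        raise ValueError("firewall idle timeout must be at least 2 seconds")
    if not 0 < margin < 1:
        raise ValueError("margin must be strictly between 0 and 1")
    for name in ("TCP_KEEPIDLE", "TCP_KEEPINTVL", "TCP_KEEPCNT"):
        if not hasattr(socket, name):
            raise RuntimeError(f"{name} is not available on this platform")

    # Idle time before the first probe: a fraction of the firewall timeout,
    # capped at what the kernel accepts.
    idle_s = min(max(1, int(firewall_idle_s * margin)), LINUX_MAX_KEEPIDLE_S)

    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle_s)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval_s)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)

    # Read the values back rather than trusting that they were applied.
    idle = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE)
    intvl = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL)
    cnt = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT)
    if idle >= firewall_idle_s:
        raise RuntimeError("keepalive idle time does not beat the firewall timeout")
    # An unreachable peer is declared dead after idle + intvl * cnt seconds.
    return idle, idle + intvl * cnt


if __name__ == "__main__":
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        # 7200 s is a constructed firewall timeout, not a value from the thread.
        print(enable_keepalive(s, firewall_idle_s=7200))
```

Units differ by platform: Linux's per-socket `TCP_KEEPIDLE` is in seconds, while the AIX system-wide `tcp_keepidle` tunable is expressed in half-seconds, so check the unit before comparing a value against the firewall's idle timeout.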

    • #56928
      Anonymous
      Participant

      Thanks Michael,

      I’ll give this info to my security person and see if this might work!
