Forum Discussion

amallet_4001's avatar
amallet_4001
Icon for Nimbostratus rankNimbostratus
Feb 15, 2018

F5 APM VPN TCP session Timeout

There are lot of documents and articles that talk about changing the timeouts for TCP profiles.

 

None of the options appear to apply to tcp sessions that are created inside an SSL VPN terminating on the APM.

 

I have changed the base tcp protocol timeouts to be 3600 seconds on the Access Profile, but, the APM will issue an RST at 300 seconds for any idle tcp sessions created by a remote access user.

 

Access Profile:

 

Profile TCP:

 

The tcp profiles are applied to VIPs. There is a VIP associated with the Access Policy for the VPN, but the issue isn't the VPN itself timeout, but tcp sessions initiated by the user over the VPN or initiated by the server over the VPN once established .

 

I can't see any way to apply a tcp profile to these connections. Can the timeout be changed?

 

  • Access profile timeout values is for the whole Access session and not the TCP connections inside Network Access tunnel.

     

    Can you try to

     

    • create a Fast L4 profile with Idle Timeout set to 3600
    • create a forwarding(IP) virtual server
      • destination address 0.0.0.0/0
      • VLANs and Tunnels : enabled on Connectivity profile defined in VPNSSL virtual server
      • protocol profile : profile you defined before