Forum Discussion

Nimbostratus

Dec 01, 2015

TCP Timeout for Sessions inside SSL VPN

All the articles I can find on F5 timeouts relate to the TCP profile of the VIP. In this case, in APM, the VIP is used for the connection, and then the session is passed to an access policy and the SSL VPN is established.

The VIP itself doesn't have a timeout issue, but any tcp session created within the VPN tunnel has the 300 second idle timeout limit enforced.

I can see the sessions in

tmsh show sys conn ss-client-addr [session-ip]

Once the timer hits 300 seconds for any tcp session created by the VPN user, the F5 issues an RST to the VPN client which kills the session.

Changing the tcp profile of the VIP doesn't alter this timeout. Where is the tcp profile for the sessions inside the tunnel?

BIG-IP

BIG-IP Access Policy Manager (APM)

security

No RepliesBe the first to reply

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

TCP Timeout for Sessions inside SSL VPN

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 Big-IP Trust Internal CA Chain certificates for Web Servers

Expired client-certificate

Need to make 2 Virtual Appliance in r4600 F5

SOLVED: sending IsCompliant, IsKnown and IsManaged via SAML (SSO)

BIG-IP methods to Fix the “421 Misdirected Request” Error

Related Content

source address persistence maximum session timeout

MCP Session Affinity With F5 NGINX Plus

APM session inactivity timeoute VS. TCP idle timout

idle timeout for admin session on BigIP

big3d timeouts

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS