Greetings~ I've done some searching regarding ssh timeouts. I have them explicitly set to never... however, they still get clipped after 30 minutes. There appear to be some other timeouts in the Juniper set approx to 30 to 60 minutes (i.e., one Juniper is different than the other). This ssh session is routed over a vpn... is the vpn doing this (rekey is set on the vpn)? Here is some abridged output from the SSG-140:
fwd1-> get service ssh
Name: SSH
Category: security ID: 0 Flag: Pre-defined
Transport Src port Dst port ICMPtype,code Timeout(min|10sec*) Application
tcp 0/65535 22/22 never None
fwhq-> get service ssh
Name: SSH
Category: security ID: 0 Flag: Pre-defined
Transport Src port Dst port ICMPtype,code Timeout(min|10sec*) Application
tcp 0/65535 22/22 never None
fwd1-> get session service ssh
id 47738/s**,vsys 0,flag 08000000/0000/0001,policy 11,time 50, dip 2 module 0
if 20(nspflag 3801):10.x.y.70/33411->10.x.z.111/22,6,000000000000,sess token 17,vlan 0,tun 40000006,vsd 0,route 3,wsf 7
if 12(nspflag 10801800):10.x.z.1/17048<-10.1.1.111/22,6,001d096db7fc,sess token 25,vlan 0,tun 0,vsd 0,route 5,wsf 7
fwd1-> get session id 47738
id 47738(0000ba7a), flag 08000000/0000/0001, vsys id 0(Root)
policy id 11, application id 0, dip id 2, state 0
current timeout 410, max timeout 1800 (second)
status normal, start time 26005891, duration 0
session id mask 0, app value 0
tunnel.17(vsd 0): 10.x.y.70/33411->10.x.z.111/22, protocol 6 session token 17 route 3
gtwy 10.x.z.111, mac 000000000000, nsptn info 40000006, pmtu 1438
flag 3801, diff 0/0
port seq 0, subif 17, cookie 0, fin seq 0, fin state 0
ethernet0/8(vsd 0): 10.x.z.1/17048<-10.x.z.111/22, protocol 6 session token 25 route 5
gtwy 10.x.z.1, mac 001d096db7fc, nsptn info 0, pmtu 1500
mac 001d096db7fc, nsptn info 0
flag 10801800, diff 0/0
port seq 0, subif 0, cookie 0, fin seq 0, fin state 0
fwhq-> get session dst-ip 10.x.z.111
alloc 158/max 48064, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 47906
Total 1 sessions according filtering criteria.
id 27688/s**,vsys 0,flag 08000040/0000/0001,policy 1,time 3076, dip 0 module 0
if 11(nspflag 801801):10.x.y.70/33411->10.x.z.111/22,6,00123fb561fd,sess token 16,vlan 0,tun 0,vsd 0,route 3,wsf 7
if 20(nspflag 3800):10.x.y.70/33411<-10.x.z.111/22,6,000000000000,sess token 16,vlan 0,tun 40000001,vsd 0,route 9,wsf 7
Total 1 sessions shown
fwhq-> get session id 27688
id 27688(00006c28), flag 08000040/0000/0001, vsys id 0(Root)
policy id 1, application id 0, dip id 0, state 0
current timeout 30740, max timeout 32400 (second)
status normal, start time 27065050, duration 0
session id mask 0, app value 0
ethernet0/7(vsd 0): 10.x.y.70/33411->10.x.z.111/22, protocol 6 session token 16 route 3
gtwy 10.x.z.111, mac 00123fb561fd, nsptn info 0, pmtu 1500
flag 801801, diff 0/0
port seq 0, subif 0, cookie 0, fin seq 0, fin state 0
tunnel.17(vsd 0): 10.x.y.70/33411<-10.x.z.111/22, protocol 6 session token 16 route 9
gtwy 10.x.y.70, mac 000000000000, nsptn info 40000001, pmtu 1438
mac 000000000000, nsptn info 40000001
flag 3800, diff 0/0
port seq 0, subif 17, cookie 0, fin seq 0, fin state 0
Thoughts?
cheers!
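Added example, not part of the original post: a small Python parser for the "get session id" output quoted above. It extracts each firewall's policy id and timeout fields and reports which hop holds the smallest max timeout for the same SSH flow. The function names and dictionary layout are assumptions made for illustration; the sample text is copied from the two dumps in the post.

```python
import re

# Constructed input: lines copied from the two "get session id" dumps in the post.
DUMPS = {
    "fwd1": """\
id 47738(0000ba7a), flag 08000000/0000/0001, vsys id 0(Root)
policy id 11, application id 0, dip id 2, state 0
current timeout 410, max timeout 1800 (second)
tunnel.17(vsd 0): 10.x.y.70/33411->10.x.z.111/22, protocol 6 session token 17 route 3
ethernet0/8(vsd 0): 10.x.z.1/17048<-10.x.z.111/22, protocol 6 session token 25 route 5
""",
    "fwhq": """\
id 27688(00006c28), flag 08000040/0000/0001, vsys id 0(Root)
policy id 1, application id 0, dip id 0, state 0
current timeout 30740, max timeout 32400 (second)
ethernet0/7(vsd 0): 10.x.y.70/33411->10.x.z.111/22, protocol 6 session token 16 route 3
tunnel.17(vsd 0): 10.x.y.70/33411<-10.x.z.111/22, protocol 6 session token 16 route 9
""",
}

# Header: session id, policy id, then the timeout line (values are in seconds).
HEAD = re.compile(r"^id (\d+)\(.*?\npolicy id (\d+),.*?\n"
                  r"current timeout (\d+), max timeout (\d+) \(second\)", re.M)
# One line per interface leg: ifname(vsd N): addr/port -> or <- addr/port, protocol N
LEG = re.compile(r"^\s*(\S+)\(vsd \d+\): (\S+?)(->|<-)(\S+?), protocol (\d+)", re.M)

def parse_session(text):
    """Return the session header fields and both interface legs."""
    m = HEAD.search(text)
    if m is None:
        raise ValueError("not a 'get session id' dump")
    sid, policy, current, maximum = map(int, m.groups())
    legs = [{"ifname": i, "left": a, "dir": d, "right": b, "proto": int(p)}
            for i, a, d, b, p in LEG.findall(text)]
    return {"id": sid, "policy": policy, "current_s": current,
            "max_s": maximum, "legs": legs}

def shortest_timeout(dumps):
    """Name the firewall whose session entry has the smallest max timeout."""
    parsed = {fw: parse_session(t) for fw, t in dumps.items()}
    fw = min(parsed, key=lambda k: parsed[k]["max_s"])
    return fw, parsed[fw]["max_s"], parsed[fw]["policy"]

if __name__ == "__main__":
    fw, max_s, policy = shortest_timeout(DUMPS)
    print(f"{fw}: policy {policy}, max timeout {max_s} s ({max_s // 60} min)")
```

On the dumps in the post this picks out fwd1, policy 11, with a max timeout of 1800 seconds, against 32400 seconds on fwhq.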