On Fri, Apr 18, 2014 at 1:51 AM, Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
> That means that the session (TCP/TLS) has timed out, but the phone
> continues sending DTLS UDP packets and expecting the server to reply.
> There is not much the server can do, as the session's credentials no
> longer exist. What you could do is try to play with the various
> timeout values in the server's configuration and see which one fits
> your mobile better. In that case let us know.

FWIW, Cisco notes that DPD is used by their software to figure out when to fall back from DTLS to TLS:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_anyconnect.html#wp1090425

Setting a more aggressive DPD interval could help the client determine that it needs to reconnect. The downside is that DPD packets sent from the gateway will often cause wakeups on a sleeping mobile device, affecting battery life.