In larger context: I would also like to ask, "which config may affect client auto-reconnect function", currently AnyConnect always prompt me with a message like "all reconnect attempts failed" (not the exact wording, as the app is localized). It does connect if tried manually, just not automatically. I only wish the vpn log on client side is easier to read. On Fri, Jan 23, 2015 at 9:19 PM, David Frank <bitinn at gmail.com> wrote: > I recently read this fine-print on Cisco?s document for anyconnect: > > http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/user/guide/iphone-ugac-ios.html#pgfId-205596 > > > Known Issues in Apple iOS Impacting VPN: > > - A DTLS packet received while the device is asleep does not awaken it. TLS packets, however, awaken the device if notifications or Facetime is enabled. AnyConnect automatically disconnects the DTLS tunnel when the device goes to sleep to allow packets received over the TLS connection to wake the device. The DTLS tunnel is restored when the device resumes. > > > So Anyconnect closes UDP session when iOS sleeps (lockscreen), it means dpd is not usable, correct? > > How can I fine-tune ocserv config to stay connected? Is setting a long cookie-timeout the only options?