Controlling time of Remote Access VPN connection

Unanswered Question
Mar 4th, 2010

Hi,

can you tell me if its possible to control the amount of time of the VPN client connection after the connection in Cisco ASA 5520?

ACL by time is one solution but its not scalable due to the fixed time that the user will need to connect.

Regards,

Rafael Petter

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
slmansfield Thu, 03/04/2010 - 07:13

Yes, you can configure a maximum connect time.

Configuring the Maximum Connect Time

Specify the maximum user connection time in minutes, or enter none to allow unlimited connection time and prevent inheriting a value for this attribute. At the end of this period of time, the adaptive security appliance terminates the connection.

The range is 1 through 35791394 minutes. There is no default timeout. To allow an unlimited timeout period, and thus prevent inheriting a timeout value, enter the vpn-session-timeout command with the none keyword. To remove the attribute from the running configuration, enter the no form of this command.

hostname(config-username)# vpn-session-timeout {minutes | none}

hostname(config-username)# no vpn-session-timeout

hostname(config-username)# 

The following example shows how to set a VPN session timeout of 180 minutes for the user named anyuser:

hostname(config)# username anyuser attributes

hostname(config-username)# vpn-session-timeout 180

hostname(config-username)# 
slmansfield Thu, 03/04/2010 - 07:18

I'll try again to paste the configuration.  I cannot see it in the prior post.

hostname(config-username)# vpn-session-timeout {minutes | none}
hostname(config-username)# no vpn-session-timeout

hostname(config)# username anyuser attributes
hostname(config-username)# vpn-session-timeout 180
hostname(config-username)#

slmansfield Thu, 03/04/2010 - 07:24

The command can also be applied to a group, which is probably more useful to you.

hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# vpn-session-timeout 180

Actions

This Discussion