Federico Coto F... Mon, 04/05/2010 - 15:42
User Badges:
  • Green, 3000 points or more


On the Group-Policy that you're using for the VPN clients, you have the following options:


To enter name of a configured time-range policy to allow connections only on a specific time range


Enter idle timeout period in minutes to disable the VPN tunnel after a configurable idle period

For the first option you must configure a time range policy and then apply it to the group-policy (linked to the tunnel-group of the VPN clients)


cesar.gabardo Tue, 04/06/2010 - 05:24
User Badges:


But in this case if the:

vpn-access-hours: from 09:00-18:00

vpn-idle-timeout: 30 mins

and the user connect at 17:59, he will be connect until 18:29.

and the normal VPN connections during business hours will also be disconnected every 30 minutes.

Is that correct ?

Regards and thanks for the reply.

Jennifer Halim Tue, 04/06/2010 - 05:32
User Badges:
  • Cisco Employee,

"vpn-idle-timeout: 30 mins" --> only when the vpn user is idle for 30 mins, it will get disconnected. If users are actively sending traffic through the tunnel, the vpn tunnel will never get disconnected, until they are idle for 30 mins.

If you would like absolute session timeout --> "vpn-session-timeout 30" --> vpn user will be connected only for 30 minutes.

And yes, this goes for any time.


This Discussion