How to automatically disconnect VPN users

cesar.gabardo · ‎04-05-2010

I have the need for disconnect VPN users at certain time. Is there any way to automate this task, like a script maybe. Cisco ASA platform.

Federico Coto Fajardo · ‎04-05-2010

Hi,

On the Group-Policy that you're using for the VPN clients, you have the following options:

vpn-access-hours

To enter name of a configured time-range policy to allow connections only on a specific time range

vpn-idle-timeout

Enter idle timeout period in minutes to disable the VPN tunnel after a configurable idle period

For the first option you must configure a time range policy and then apply it to the group-policy (linked to the tunnel-group of the VPN clients)

Federico.

cesar.gabardo · ‎04-06-2010

Hi,

But in this case if the:

vpn-access-hours: from 09:00-18:00

vpn-idle-timeout: 30 mins

and the user connect at 17:59, he will be connect until 18:29.

and the normal VPN connections during business hours will also be disconnected every 30 minutes.

Is that correct ?

Regards and thanks for the reply.

Jennifer Halim · ‎04-06-2010

"vpn-idle-timeout: 30 mins" --> only when the vpn user is idle for 30 mins, it will get disconnected. If users are actively sending traffic through the tunnel, the vpn tunnel will never get disconnected, until they are idle for 30 mins.

If you would like absolute session timeout --> "vpn-session-timeout 30" --> vpn user will be connected only for 30 minutes.

And yes, this goes for any time.