VPN concentrator 3020 - wait for user logout before poweroff

Answered Question
May 6th, 2010
User Badges:

Dear Forum Community!


We have a Cisco 3020 concentrator VPN load-balancing cluster configured, the device at primary site operating with master priority. We would like to shut down the master device because of a short maintenance.

I wonder if there is an option in VPN concentrator GUI, which waits for all active sessions to voluntary terminate before shutdown/reboot. Does anybody have any experience about this feature?

There are always ~80-100 remote access VPN user online, and don't want to break these user's connections with a simple poweroff.


Thanks and BR


Belabacsi

Budapest, Hungary

Correct Answer by slmansfield about 7 years 1 month ago

I just wanted to clarify two things.


I always save my configuration file ahead of rebooting.  That is why I reboot without saving. I think my wording may have been misleading. 


If you require your clients to re-authenticate the VPN session after a specified period of time, for example 10 hours, the VPN session will be moved to another cluster member when the session is re-authenticated.  Each client won't have to re-establish the VPN session on another concentrator in the cluster.   If you are not using this feature you'll have to wait until each of them terminates his VPN session.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
slmansfield Thu, 05/06/2010 - 09:06
User Badges:
  • Silver, 250 points or more

Yes, I have a lot of experience with that feature, it is wonderful.  The setting to change is:


Administration -> System Reboot


Click the radio button for:  Shutdown without automatic reboot


Click the radio button for whatever is appropriate for saving your configuration file.  I always make sure my configuration file is saved, so I usually chose: Reboot without saving active configuration file


Last, and most important, click the radio button for Wait for sessions to terminate (don't allow new sessions)


If the device is the cluster master, one of the other cluster members will immediately take over as the master.


I have never had a problem with this disrupting service.  It is a great feature for managing changes without disrupting anyone.


HTH

Correct Answer
slmansfield Thu, 05/06/2010 - 09:25
User Badges:
  • Silver, 250 points or more

I just wanted to clarify two things.


I always save my configuration file ahead of rebooting.  That is why I reboot without saving. I think my wording may have been misleading. 


If you require your clients to re-authenticate the VPN session after a specified period of time, for example 10 hours, the VPN session will be moved to another cluster member when the session is re-authenticated.  Each client won't have to re-establish the VPN session on another concentrator in the cluster.   If you are not using this feature you'll have to wait until each of them terminates his VPN session.

Bela Mareczky Fri, 05/07/2010 - 23:55
User Badges:

Dear slmansfield!


Thanks for Your answer! Great feature, working perfectly! :-)


Regards,


Belabacsi

Actions

This Discussion

Related Content