Logoff idle VPN users possible? ASA 5520.

Unanswered Question
May 7th, 2010
User Badges:


I'm using a Cisco ASA 5520 with IOS 8.2.2.  We have many remote users using the Cisco VPN client, but I have been asked can we logout idle users as we do hit our license limit and some users stay conenct for days.

Thing is how can you tell it's an idle user?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dominic.caron Fri, 05/07/2010 - 06:38
User Badges:
  • Silver, 250 points or more
mmitesha Fri, 05/07/2010 - 07:29
User Badges:

You can configure  "vpn-simultaneous-logins" in the group-policy.

Lets say that the value for "vpn-simultaneous-logins" is 3. When the 4th user will connect, the ASA would automatically disconnect the user with the most idle time and the 4th user will connect.



sanbachu Mon, 04/02/2012 - 07:26
User Badges:


user-authentication-idle-timeout <10 >

The above command is used under vpn group policy

After user gets authenticated and not using the vpn for 10 mins the user will disconnected dynamically by ASA.

I think it should be helpful !



eng.syedsarwarh... Tue, 01/03/2017 - 22:37
User Badges:

Dear sanbachu,

we tried with this command but not able to fix. 

under the group policy we have this command 

vpn-idle-timeout 15
vpn-session-timeout 7200

eng.syedsarwarh... Tue, 01/03/2017 - 22:33
User Badges:

Dear Andy,


I hope you are doing well, i would like to know that, have your issue been solved if it is kindly can you provide any running config related to the above issue...........



This Discussion