I am connecting with Anyconnect client to a ASA5510(8.2.1(11))
In the group policy I have idle timeout = unlimited, but if I control the session in asdm and in command line
I find idle timeout=30 minutes.
If I insert idle timeout = 60 in the policy, in the session I see Idle timeout =60 min.
Is there only a problem in the visualization of the session?
Setting the "vpn-idle-timeout none" command from the group-policy is a misunderstood command. When it is set in the group-policy it does not disable the idle-timeout. In the past I filed a bug to clarify what this setting does (see CSCsm15079) to clarify the misunderstanding. In newer versions of code with the bug fix, the command sensitive help now properly explains it:
ASA(config-group-policy)# vpn-idle-timeout ?
group-policy mode commands/options:
<1-35791394> Number of minutes
none IPsec VPN: Disable timeout and allow an unlimited idle period;
SSL VPN: Use value of default-idle-timeout
When it is set to none, and you are using SSL VPN, it means it will inherit the default-idle-timeout that is set under the Webvpn config. The default for this command is 30 minutes, so thats probably why ASDM is displaying 30 minutes. If you would like to adjust this value, it can be changed with:
If you would like an "unlimited" idle time, you should set the vpn-idle-timeout in the group-policy to a specific number instead of "none" -- the maximum you can set with the vpn-idle-timeout command is 35791394 minutes (something like ~24000 days or essentially unlimited).
Please rate this post and mark it as resolved if it has addressed the issue.