Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10248
Views
10
Helpful
8
Replies

Max Connect time setting ASA 5520

Go to solution
oklier
Level 1
Level 1

‎07-30-2011 04:45 PM

Hello,

My searches are comming up blank for some reason, its just me. Just need to know where I can set a Max connect time so users dont camp on the ASA when they are not using it.

Thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to oklier

‎07-31-2011 06:58 AM

In the same link provided before - look  under vpn-session-timeou  configuration ,   this command enforces a maximun RA connection  per tunnel   or per username

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1631430

PLS rate helpful posts

Regards

Jorge Rodriguez

View solution in original post

8 Replies 8

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎07-30-2011 09:16 PM

Hi,

if you meant users connected to ASA for administration of the firewall either by ssh/telnet/ or https you can set the timeout session  for each of these connections to the asa to expired at a certain time in minutes , if this is not what you meant please let us know.

#telnet timeout  < value in min> max is 1440 min

#ssh timeout     max is 60 min 

# http server session-timeou   max is 1440

See command references http://www.cisco.com/en/US/products/ps6120/prod_command_reference_list.html

Regards

Jorge Rodriguez

Go to solution
oklier
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-30-2011 09:20 PM

Sorry not what I meant. I was looking for Max Time out for VPN clients, i.e. after 24 hours they get disconnected regardless of activity and they are forced to reconnect.

Sorry for not clarifying earlier.

0 Helpful

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to oklier

‎07-30-2011 09:23 PM

ok


You are looking at vpn-idle-timeout attribute settings under group-policy for yourRA vpn tunnel  or per username  , follow guidelines bellow.

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630720

Jorge Rodriguez
0 Helpful

Go to solution
oklier
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-30-2011 09:25 PM

Thanks! I already have that set though. When they have Outlook open it will never be idle .

0 Helpful

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to oklier

‎07-30-2011 09:26 PM

So then the connection is not idle,    if you want to   enforce a connection time then there is other settings you can use.

Jorge Rodriguez
0 Helpful

Go to solution
oklier
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-30-2011 09:49 PM

You wouldnt happen to know them would you?

0 Helpful

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to oklier

‎07-31-2011 06:58 AM

In the same link provided before - look  under vpn-session-timeou  configuration ,   this command enforces a maximun RA connection  per tunnel   or per username

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1631430

PLS rate helpful posts

Regards

Jorge Rodriguez

Go to solution
oklier
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎08-03-2011 09:28 AM

Thanks!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents