Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.


Unanswered Question
Jun 4th, 2003
User Badges:

I have my PIX 515 configured to act as IPSec VPN gateway for remote users. The PIX OS is 6.3.1. When remote users connect to the VPN gateway, they will be authenticated using Microsft IAS server. My internal network is Microsoft Active Directory environment.

I want to be able to disconect users who are connected to the IPSec vpn and idling for more than an hour. Is it possible to do this through PIX OS 6.3.1??

I am not able to do this through Microsoft IAS (Internet Authentication Server) Radius server which authenticates the user.

Thanks for you r help in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
osam Wed, 06/04/2003 - 13:10
User Badges:



timeout conn 01:00:00

And just to make sure PIX totally get rid of the connection, you can also use along with the timeout,

service resetinbound

gcumarasamy Thu, 06/05/2003 - 05:22
User Badges:

I just want confirm...Is this time out entry only for the idle IPSec VPN connection?? I don't want PIX to drop other connections.


shannong Thu, 06/05/2003 - 07:03
User Badges:
  • Silver, 250 points or more

You can timeout idle client IPsec sessions with:

vpngroup group1 idle-time

I find that VPN clients that are on an internal Win2k AD domain are rarely quiet as they are very chatty to the DC and Exchange. You can also set a maximum connect time to mitigate this:

vpngroup group1 max-time


This Discussion