
IPSec VPN

gcumarasamy
Level 1

I have my PIX 515 configured to act as IPSec VPN gateway for remote users. The PIX OS is 6.3.1. When remote users connect to the VPN gateway, they will be authenticated using Microsoft IAS server. My internal network is Microsoft Active Directory environment.

I want to be able to disconnect users who are connected to the IPSec VPN and idling for more than an hour. Is it possible to do this through PIX OS 6.3.1?

I am not able to do this through Microsoft IAS (Internet Authentication Server) Radius server which authenticates the user.

Thanks for your help in advance.

3 Replies

osam
Level 1

Yea,

Try,

timeout conn 01:00:00

And just to make sure PIX totally gets rid of the connection, you can also use, along with the timeout,

service resetinbound

I just want to confirm... Is this timeout entry only for the idle IPSec VPN connection? I don't want PIX to drop other connections.

Thanks

You can timeout idle client IPsec sessions with:

vpngroup group1 idle-time

I find that VPN clients that are on an internal Win2k AD domain are rarely quiet as they are very chatty to the DC and Exchange. You can also set a maximum connect time to mitigate this:

vpngroup group1 max-time