06-04-2003 08:18 AM - edited 02-21-2020 12:35 PM
I have my PIX 515 configured to act as an IPSec VPN gateway for remote users. The PIX OS is 6.3.1. When remote users connect to the VPN gateway, they are authenticated using a Microsoft IAS server. My internal network is a Microsoft Active Directory environment.
I want to be able to disconnect users who are connected to the IPSec VPN and idling for more than an hour. Is it possible to do this through PIX OS 6.3.1?
I am not able to do this through Microsoft IAS (Internet Authentication Server) Radius server which authenticates the user.
Thanks for your help in advance.
06-04-2003 01:10 PM
Yea,
Try,
timeout conn 01:00:00
And just to make sure the PIX totally gets rid of the connection, you can also use, along with the timeout,
service resetinbound
06-05-2003 05:22 AM
I just want to confirm... Is this timeout entry only for the idle IPSec VPN connection? I don't want the PIX to drop other connections.
Thanks
06-05-2003 07:03 AM
You can timeout idle client IPsec sessions with:
vpngroup group1 idle-time
I find that VPN clients that are on an internal Win2k AD domain are rarely quiet as they are very chatty to the DC and Exchange. You can also set a maximum connect time to mitigate this:
vpngroup group1 max-time