Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

AutoReconnect VPN

We are using the Cisco VPN client to connect police vehicles to internal systems over a broadband connection. The officers use an RSA token to authenticate and initiate the tunnel at the beginning of his shift. After logging on the vehicle is parked in a garage, at the station. When the officer receives an emergency dispatch the tunnel has timed out and the officer needs to log back in. Can the VPN client be configured to automatically re-establish the tunnel without requiring officer intervention?

7 REPLIES

Re: AutoReconnect VPN

No - as I am sure you are aware the RSA token key is time sensitive, as such no key (4 digit PIN and the output of the token) are the same for any 60 second period.

That is the benefit of a token based 2 factor authentication method, something you have and something you know.

HTH>

New Member

Re: AutoReconnect VPN

Is there another VPN client that will work with the CISCO 515 or an ASA that would automatically reconnect?

I understand the security aspect but I also need to consider the safety of the officer.

Re: AutoReconnect VPN

No - the issue is not with the software or the platform you are using for access, it's the method of authentication.

You are using a system that requires user input, with methods that cannot be automated.

Move from 2 (something you know something you have) factor secure authentication - to username and password, this will solve your issue.

But then if the car is stolen.....the access to your internal network is insecure....and I would expect that an authorised user may have un-limited access.......your internal network is wide open to anyone.

HTH>

New Member

Re: AutoReconnect VPN

Is there a way to change the timeout value of the tunnel? So if the car is not communicating on the network for some period of time (1 hour?) the tunnel would not need to be re-established?

Thanks for your help.

Re: AutoReconnect VPN

Of course - but then do you really want a device connected to your internal network, securly....unattended with no limits - surely not.

To be honest - all you have to say to the officers, you are the police of the network....surely they understand the need for secure communications???

New Member

Re: AutoReconnect VPN

I wish it was that simple. What would the parameters that would need to be configured to allow a longer timeout on the tunnel?

Re: AutoReconnect VPN

Again - honestly, you are not fixing the problem, you are making it worse.

In answer to your question, in your vpn profile config:-

vpn-session-timeout <>

298
Views
0
Helpful
7
Replies
CreatePlease to create content