10-30-2002 01:49 PM - edited 02-21-2020 12:09 PM
We set up the 1710 access router for users to dial in with the Cisco VPN Client 3.6.2. We found that users can disconnect themselves after they finish what they need to do. But what if a user just logs out of the server but forgets to disconnect the VPN connection?
Can we set up an idle timeout?
Can we terminate the unwanted user?
10-30-2002 06:29 PM
The router and the client support DPD (Dead Peer Detection), which is basically a keepalive packet sent out at regular intervals (that can't be changed), and if the router detects that the client is not there it'll remove the tunnel.
You can terminate a particular tunnel if you know which one it is specifically, by using the command:
> clear crypto sa peer
The command is detailed here (http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt4/srdipsec.htm#1017392). There are other options, as you'll see, to define which tunnel you want to clear.
Unfortunately there's no way to map a tunnel to a username or anything like that, so it may be difficult to figure out who is who. If you only have the one user, though, then just clear them all with "clear cry sa" and "clear cry isa".
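To make the DPD behaviour described in this answer concrete, here is an added Python example (not part of the thread and not Cisco code) that models the router side: each peer is probed at a fixed interval, and a peer that has not answered for a set number of consecutive probes is declared dead, after which its tunnel can be cleared with the per-peer command from the answer. The interval, retry count and peer addresses are constructed assumptions, not values from the router.

```python
# Constructed example values (not from the thread): probe every 10 seconds and
# declare a peer dead after 3 consecutive unanswered probes.
DPD_INTERVAL = 10.0
DPD_RETRIES = 3


def dead_peers(last_acks: dict, now: float,
               interval: float = DPD_INTERVAL, retries: int = DPD_RETRIES) -> list:
    """Return peers whose last DPD reply is older than `retries` probe intervals.

    `last_acks` maps a peer address to the timestamp (seconds) of its last reply.
    A peer that has missed fewer than `retries` probes is still considered alive,
    so a single lost keepalive does not tear down a working tunnel.
    """
    dead = []
    for peer, last in sorted(last_acks.items()):
        missed = int((now - last) // interval)   # whole probe intervals with no reply
        if missed >= retries:
            dead.append(peer)
    return dead


def clear_commands(peers) -> list:
    """Build the IOS exec commands that would tear down each dead peer's SAs."""
    return [f"clear crypto sa peer {p}" for p in peers]


# Constructed sample: three VPN client peers and the time of their last DPD reply.
SAMPLE_ACKS = {"192.0.2.10": 100.0, "192.0.2.11": 85.0, "192.0.2.12": 60.0}

if __name__ == "__main__":
    now = 100.0
    for cmd in clear_commands(dead_peers(SAMPLE_ACKS, now)):
        print(cmd)
```

Note that this only detects a client that has gone away; a client that is connected but idle still answers DPD probes, which is why DPD alone does not give an idle timeout.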
11-09-2002 09:49 PM
Thank you, but I tried using the Cisco VPN Client 3.6.2 to connect to the 1710. After connecting I did nothing, but the connection did not time out after 12 hours. Is there a command I can configure, or how can I make sure DPD is working properly?
About this "clear crypto sa peer
After I "clear crypto sa peer
Thanks
Harry