Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSA MC Unreachable policy

Hi All ..

I have a requirement whereby my customer wants to lock down their laptops so that they can only access internal addresses. This is easy enough, however when a user takes the laptop out of the office, the customer needs to allow the laptop sufficient access to enable them to connect to a wireless or wired POP, and then launch the VPN client to allow them to access the internal services.

So my idea was to create a state based rule where, if the client can't see the MC, then they get temporary access to external IP addresses to allow them to connect to a POP, and also launch the VPN client. After a set time, all external access is removed to stop the user from accessing the internet.

I have read through this document - (

Which provides an overview of the connectivity i need including detail of a 300second timer which is invoked when the MC becomes unreachable, but it is unclear where to set this timer - any ideas ??

Does anyone have a suggested policy that will achieve what i have described above

Thanks in advance