Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Has anyone been able to get SSL VPN and idle timeout to work on an ASA?

I have an ASA5520 and I have setup different clinics to use a SSL VPN to connect. I can't get the idle timeout to timeout. I have the correct parameters set but it won't disconnect (I left my PC connected overnight, it was still connected in the morning, without any applications running on the PC).

Emailed my Cisco SE and he stated “I did check the TAC database and it appears that the idle timeout does not work correctly for SSL VPN's.”

Does anyone have an ASA that has SSL VPNs that the idle timeout works, session timeout works OK.

vpn-access-hours none

vpn-simultaneous-logins 2

vpn-idle-timeout 15

vpn-session-timeout 60


Re: Has anyone been able to get SSL VPN and idle timeout to work

The obvious solution would be to configure the vpn-idle-timeout function to some arbitrarily large figure. Can you go to your server and make sure for the group and user under Interface Configuration> Radius (Cisco VPN) that CVPN3000-Authenticated-User-Idle-Timeout is unchecked for group and user. Another good test would be to create a user on the ASA and associate that user to the group while having configured.