09-09-2008 09:37 AM - edited 03-09-2019 09:26 PM
We have an ASA5550, Active Directory, and a RADIUS server. How do you set up idle-timeout? I want to disconnect the computer after 2 hours of inactivity.
Diane
Thanks.
09-09-2008 10:32 AM
If for VPN clients, you can do this.
group-policy
vpn-idle-timeout 60
The above would be a timeout of 60 minutes.
http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/uz.html#wp1551655
HTH
Jorge
09-09-2008 01:07 PM
Jorge,
Thanks very much for your prompt response and information. I set up the idle timeout for 5 minutes. I waited for 10 minutes and the VPN client is still connecting. Do I need to configure anything on the RADIUS server? Do you have any suggestions?
Thanks.
Diane
09-09-2008 02:17 PM
Are you sure the client is indeed idle? It is possible there is still traffic going through the RA client; can you see the logs and confirm? I do not believe there is anything in RADIUS to set up in terms of client inactivity; it is a setting in the tunnel itself.
Rgds
Jorge
09-09-2008 04:48 PM
Thanks for your prompt response. I left the client running. I do not touch the keyboard and mouse. I do not have any applications or Internet Explorer running. The client is Windows Vista. Where do I look at the logs for traffic activity? Do I also need to set up idle timeout in Split Tunnel? Please let me know if you have any other suggestions.
Thanks.
Diane
09-11-2008 05:14 AM
You are correct. The "isakmp keepalive" was disabled. Once it is enabled, the idle-timeout is working. However, if I enable "isakmp keepalive", my Load Balancing is not working. The VPN client only goes to one ASA box. When the second VPN client connects to the second ASA box, the VPN client never connects and got the error message "Reason 433: Reason not specified by Peer". Do you have any other suggestions?
Thanks.
Diane
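The two settings discussed in this thread, side by side, as an added example that is not from any poster: the 2-hour idle timeout from the original question and the keepalive setting reported as disabled and then enabled. The names EXAMPLE-GP and EXAMPLE-TG and the keepalive threshold/retry values are assumptions; substitute the group policy and tunnel group actually assigned to the remote-access users.

```cisco
! Added example. EXAMPLE-GP and EXAMPLE-TG are placeholder names.

! Idle timeout is set per group policy, in minutes (2 hours = 120).
group-policy EXAMPLE-GP attributes
 vpn-idle-timeout 120

! State described in the thread as the reason the timeout never fired:
! tunnel-group EXAMPLE-TG ipsec-attributes
!  isakmp keepalive disable

! State reported as making the idle timeout work
! (threshold in seconds, retry interval in seconds; values assumed):
tunnel-group EXAMPLE-TG ipsec-attributes
 isakmp keepalive threshold 10 retry 2

! Checks to run after the change:
!   show running-config group-policy EXAMPLE-GP
!   show running-config tunnel-group EXAMPLE-TG
!   show vpn-sessiondb remote
```

If the RADIUS server assigns the group policy by attribute, the timeout has to be set on the policy the user actually lands in, which `show vpn-sessiondb remote` reports per session.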