Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
386
Views
0
Helpful
5
Replies

Idle-timeout

dianewalker
Level 1
Level 1

‎09-09-2008 09:37 AM - edited ‎03-09-2019 09:26 PM

We have ASA5550, Active Directory, and RADIUS server. How do you setup idle-timeout? I want to disconnect the computer after 2 hours of inactivity.

Diane

Thanks.

Labels:
0 Helpful
5 Replies 5

JORGE RODRIGUEZ
Level 10
Level 10

‎09-09-2008 10:32 AM

If for VPN clients, you can do this.

group-policy attributes

vpn-idle-timeout 60

the above would be timeout of 60 minutes

http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/uz.html#wp1551655

HTH

Jorge

Jorge Rodriguez
0 Helpful

dianewalker
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎09-09-2008 01:07 PM

Jorge,

Thanks very much for your prompt response and information. I setup the idle timeout for 5 minutes. I waited for 10 minutes and the VPN client is still connecting. Do I need to configure anything on the RADIUS server? Do you have any suggestions?

Thanks.

Diane

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to dianewalker

‎09-09-2008 02:17 PM

Are you sure the client is indeed iddle , it is possible there is still traffic goint through the RA client can you see the logs and confirm.. I do not believe there is anything in RADIUS to setup in terms of client inactivity.. it is settings in the tunnel itself.

Rgds

Jorge

Jorge Rodriguez
0 Helpful

dianewalker
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎09-09-2008 04:48 PM

Thanks for your prompt response. I left the client running. I do not touch the keyboard and mouse. I do not have any applications or Internet Explorer running. The client is Windows Vista. Where do I look at the logs for traffic activity? Do I also need to setup idle timeout in Split Tunnel? Please let me know if you have any other suggestions.

Thanks.

Diane

0 Helpful

dianewalker
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎09-11-2008 05:14 AM

You are correct. The "isakamp keepalive" was disabled. Once it is enabled, the idle-timeout is working. However, if I enable "isakamp keepalive", my Load Balancing is not working. The VPN client only goes to one ASA box. When the second VPN client connects to the second ASA box, the VPN client never connects and got the error message "Reason 433: Reason not specified by Peer". Do you have any other suggestions?

Thanks.

Diane

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents