Cisco Support Community
Community Member

IPSec VPN

I have my PIX 515 configured to act as IPSec VPN gateway for remote users. The PIX OS is 6.3.1. When remote users connect to the VPN gateway, they will be authenticated using Microsoft IAS server. My internal network is Microsoft Active Directory environment.

I want to be able to disconnect users who are connected to the IPSec VPN and idling for more than an hour. Is it possible to do this through PIX OS 6.3.1?

I am not able to do this through Microsoft IAS (Internet Authentication Server) Radius server which authenticates the user.

Thanks for your help in advance.

3 REPLIES
Community Member

Re: IPSec VPN

Yea,

Try,

timeout conn 01:00:00

And just to make sure the PIX totally gets rid of the connection, you can also use, along with the timeout,

service resetinbound

Community Member

Re: IPSec VPN

I just want to confirm... Is this timeout entry only for the idle IPSec VPN connection? I don't want PIX to drop other connections.

Thanks

Silver

Re: IPSec VPN

You can timeout idle client IPsec sessions with:

vpngroup group1 idle-time

I find that VPN clients that are on an internal Win2k AD domain are rarely quiet as they are very chatty to the DC and Exchange. You can also set a maximum connect time to mitigate this:

vpngroup group1 max-time
