Hi, a couple of questions here. Firstly, I understand the uauth settings on the PIX are as follows:
timeout uauth - 5 mins - Sets the duration before the authentication and authorization cache times out and the user has to re-authenticate the next connection.
timeout xlate - 3 hours - Specifies the idle time until a translation slot is freed; the minimum value is one minute.
timeout conn - 1 hour - Specifies the idle time after which a connection closes; the minimum duration is five minutes.
Just wanting to get my head around some things:
1. If the timeout uauth is set to 5 mins, just what does this mean? Does it mean that if I authenticate and start an RDP session to host A, then that session is OK until I disconnect in a couple of hours, but if I try to start another connection to host B after that first 5 minutes I then have to re-auth first to get that new connection to B going?
2. What conditions cause the need for a re-auth first (e.g. loss of all connections, conn timer expired, xlate timer expired or auth timer expired etc.)? I would have thought the disconnection of a session would trigger the timeout conn of one hour, so if I disconnected, then came back 55 minutes later, I could still get to that session I previously had open.
The timer uauth command has two options: absolute and inactivity. The absolute timer expires every 5 mins and you will have to re-authenticate every 5 mins. If you enable the inactivity timer, then you will have to re-authenticate only if the connection is left inactive for 5 mins.
The following link explains the different options for this command: