Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AnyConnect VPN session

Dear NetPro gurus,

On the Cisco ASA firewall, Is there any way I can make the a particular VPN session for AnyConnect SSLVPN users to 'infinite' so that it will 'never time out'??

Cheers,

Hunt

4 REPLIES
Cisco Employee

Re: AnyConnect VPN session

You can change the group policy settings for "vpn-idle-timeout" to be the max:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630720

If you set it to "none" unfortunately it will use the default idle timeout settings, unless you change that too.

The max you can set is 35791394 minutes == 596523 hours == 24855 days == 68 years. I am sure your user will not be idle for 68 years

Hope that helps.

New Member

Re: AnyConnect VPN session

Hi Jennifer,

Thanks for your quick reply.

In that case, what's the difference between vpn-idle-timeout VS vpn-session-timeout??

Should i change both settings to 35791394??

Cheers,

Hunt

Cisco Employee

Re: AnyConnect VPN session

vpn-idle-timeout: timeout when the user is actually idle (not passing any traffic to and from the vpn).

vpn-session-timeout: this is an absolute timeout for the vpn session from the time the user connects.

vpn-session-timeout should be set to "none":

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1631430

so:

vpn-idle-timeout 35791394

vpn-session-timeout none

Hope that helps.

Cisco Employee

Re: AnyConnect VPN session

Please kindly mark the post as answered if you have no further question. Thanks.

897
Views
0
Helpful
4
Replies
CreatePlease login to create content