Client is requesting to allow VPN from 05:00am to 23:59pm. How can we ensure all VPN connections will be dropped at midnight?
Using the two in the title, it appears connections will be blocked outside of the time range, but old connections are not terminated. If i were to connect at 11:30, I could remain connected all night which is a problem. Thanks in advance!
Im testing with it right now.. it does not seem to be working. Neither a permit statement w/ time-range, followed by a deny and then the permit ip any any
a deny statement with the time-range, followed by a permit ip any any. this is also being used for remote access vpn. so even though the traffic is on the inside interface, the ASA has a route pointing to the outside interface.
i tried applying the ACL on the outside as well with no luck.
this should help.. the ACL is active, but traffic is not being denied on the inside.
access-list inside1 line 1 extended deny ip any 172.16.31.0 255.255.255.0 time-range VPNHOURS (hitcnt=0) 0x5f2add1d
access-list inside1 line 2 extended deny ip 172.16.31.0 255.255.255.0 any time-range VPNHOURS (hitcnt=0) 0x2c5dec03
access-list inside1 line 3 extended permit ip any any (hitcnt=388) 0xb93b6806
edit again.. just in case.. i also have the following configured.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...