Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Authentication Timeout

I have an ASA 5520 and I am having trouble getting the AnyConnect VPN authentication timeout feature to work properly. I thought I did have it working a couple of months ago, but right now it is not giving me more than the default 12 seconds. I have tried intervals of anywhere from 25 seconds up to 120. I am currently runnign version 6.4 on the ASA and AnyConnect 2.5.3055. Any input is appreciated.

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions

Authentication Timeout

You will need to either rename the profiles on the ASA or remove them from the profiles folder of your machine.

8 REPLIES

Re:Authentication Timeout

Hi,

Are you modifying this value under the group-policy settings?

What happens when it is supposed to time-out?

Thanks.

Sent from Cisco Technical Support Android App

New Member

Authentication Timeout

I have been setting it in the client profile. I see that the server timeout can be set in the AAA server group, but my issue is that the AnyConnect client times out before th second part of the two factor authentication can occur.

New Member

Authentication Timeout

I looked in the event viewer on the client and anyconnect reports that the timeout of 180s is beyond the allowed range, so it is defaulting to the 12 seconds. I am not sure where it is getting the 180s from, as I do not have that set in the client profile. I am wondering if it is using an older config and not updating with the new profile?

New Member

Authentication Timeout

I think I am now talking to myself, but hopefully this helps someone else someday!

The profiles located in C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\Profile were not updated. The client was using both the wrong profile AND an outdated profile. I modified the profile locally and the client worked fine. Now I need to determine why the client profile's are not being downloaded.

Authentication Timeout

Patrick,

I am glad to hear that it now works as expected.

Check the config of the ASA and make sure you have assigned the correct profile to the group-policy.

Thanks.

New Member

Authentication Timeout

I have checked and double checked the settings and the proper client profile is chosen. When AnyConnect talks to the firewall though, it is not updating the profiles. Either the client is not trying to download them, or the ASA is sending the wrong info.

Authentication Timeout

You will need to either rename the profiles on the ASA or remove them from the profiles folder of your machine.

New Member

Authentication Timeout

Yep. I removed them from my machine. I also fixed the profile Iw as trying to use. I misconfigured the host info, so it was unable to connect on that profile. I am wondering if it jumps to the next profile in the folder to see if that works, which is why it was not using the intended profile?

I have it working properly now and updating the profile properly. All is right in the world.

Thanks for the help Javier!

676
Views
0
Helpful
8
Replies
CreatePlease to create content