03-04-2010 04:51 AM - edited 02-21-2020 04:31 PM
Hi,
Can you tell me if it's possible to control the amount of time of the VPN client connection after the connection in Cisco ASA 5520?
ACL by time is one solution, but it's not scalable due to the fixed time that the user will need to connect.
Regards,
Rafael Petter
03-04-2010 07:13 AM
Yes, you can configure a maximum connect time.
Specify the maximum user connection time in minutes, or enter none to allow unlimited connection time and prevent inheriting a value for this attribute. At the end of this period of time, the adaptive security appliance terminates the connection.
The range is 1 through 35791394 minutes. There is no default timeout. To allow an unlimited timeout period, and thus prevent inheriting a timeout value, enter the vpn-session-timeout command with the none keyword. To remove the attribute from the running configuration, enter the no form of this command.
hostname(config-username)# vpn-session-timeout {minutes | none}
hostname(config-username)# no vpn-session-timeout
hostname(config-username)#
The following example shows how to set a VPN session timeout of 180 minutes for the user named anyuser:
hostname(config)# username anyuser attributes
hostname(config-username)# vpn-session-timeout 180
hostname(config-username)#
03-04-2010 07:18 AM
I'll try again to paste the configuration. I cannot see it in the prior post.
hostname(config-username)# vpn-session-timeout {minutes | none}
hostname(config-username)# no vpn-session-timeout
hostname(config)# username anyuser attributes
hostname(config-username)# vpn-session-timeout 180
hostname(config-username)#
03-04-2010 07:24 AM
The command can also be applied to a group, which is probably more useful to you.
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# vpn-session-timeout 180
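The following is an added example, not part of the original thread or Cisco's own tooling: a small audit script that reads a saved configuration and reports, for each `username ... attributes` and `group-policy ... attributes` block, whether `vpn-session-timeout` is set to a value in the 1 to 35791394 minute range quoted above, set to `none`, or left unset so that a value is inherited. The function name `audit_session_timeouts` and the sample configuration are constructed for illustration.

```python
import re

MAX_MINUTES = 35791394  # upper bound of the range quoted in the thread

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
group-policy FirstGroup internal
group-policy FirstGroup attributes
 vpn-session-timeout 180
group-policy Contractors attributes
 vpn-tunnel-protocol IPSec
username anyuser attributes
 vpn-session-timeout none
username bob attributes
 vpn-session-timeout 99999999
"""

BLOCK = re.compile(r"^(username|group-policy)\s+(\S+)\s+attributes\s*$")
TIMEOUT = re.compile(r"^\s+vpn-session-timeout\s+(\S+)\s*$")

def audit_session_timeouts(config_text):
    """Return {(kind, name): status} for every attributes block found."""
    results = {}
    current = None
    for line in config_text.splitlines():
        block = BLOCK.match(line)
        if block:
            current = (block.group(1), block.group(2))
            results[current] = "unset (inherits)"   # until a timeout line is seen
            continue
        if not line.startswith(" "):                # any other top-level line ends the block
            current = None
            continue
        timeout = TIMEOUT.match(line)
        if timeout and current:
            value = timeout.group(1)
            if value == "none":
                results[current] = "unlimited (none)"
            elif value.isdigit() and 1 <= int(value) <= MAX_MINUTES:
                results[current] = f"{int(value)} min"
            else:
                results[current] = f"invalid: {value}"
    return results

if __name__ == "__main__":
    for (kind, name), status in audit_session_timeouts(SAMPLE_CONFIG).items():
        print(f"{kind:13} {name:12} {status}")
```

Blocks reported as `unlimited (none)` or `unset (inherits)` are the ones to review when a maximum connect time is required for every VPN user.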