Cisco Support Community

How to make VPN client auto timeout when it still idle?

How to make VPN client auto disconnect when it still idle?

Hi, I found that some users stay connected to the VPN even if they do not use the VPN resources.

I tried to set an "idle timeout" in the VPN configuration.

We use a PIX515 8.0.3 and Cisco ACS 4.2 for VPN connection and authentication, and the users use the Cisco VPN Client to connect.

I have tried many methods, but all failed.

First, I configured "vpn-idle-timeout 5" on the PIX. It did not work.

So I added the RADIUS (Cisco VPN 3000/ASA/PIX 7.0+) attribute "[026/3076/050] Authenticated-User-Idle-Timeout" on Cisco ACS. It still did not work.

I also added the IETF RADIUS attribute "[028] Idle-Timeout" in the group settings on ACS; it did not work either.

I found in the VPN client's statistics that there are always some bytes sent or received; I thought it may be IPsec keepalive messages or RADIUS messages.

This may be the reason, because the PIX or ACS thinks the VPN user is still working.

Can someone tell me how to make an "idle timeout"?

Best regards,

Roger


How to make VPN client auto timeout when it still idle?

Here is the configuration on the PIX:

group-policy DfltGrpPolicy attributes
wins-server value 10.0.0.67 10.0.0.68
dns-server value 10.0.0.67 10.0.0.68
vpn-simultaneous-logins 20
vpn-idle-timeout 5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value mydomain.com
address-pools value vpnpool


Re: How to make VPN client auto timeout when it still idle?

Inactivity timeout on a VPN with Windows devices connecting to a corporate network is almost impossible.

Something is almost always 'chatting' in the background (Active Directory / drive mappings / e-mail systems).

A forced re-authentication after a period (12 or 24 hours) is about as good as it gets.

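The behaviour both posts describe, as an added illustration that is not part of the original thread and is not PIX/ASA code: a simplified model in which any traffic resets the idle timer, so periodic background packets keep a tunnel up until an absolute session limit ends it. The traffic is constructed, and `make_session`, `idle_disconnect`, `session_end` and the `min_bytes` threshold are hypothetical names for this model, not PIX or ACS settings.

```python
# Added illustration: simplified model, not PIX/ASA code. Traffic is constructed.
IDLE_TIMEOUT_MIN = 5        # "vpn-idle-timeout 5" from the thread
SESSION_CAP_MIN = 12 * 60   # forced re-authentication after 12 hours (from the reply)


def make_session(minutes, user_minutes, chatter_every=2, chatter_bytes=180):
    """Constructed per-minute byte counts for one tunnel.

    The user works for the first `user_minutes`; after that only small
    background packets (every `chatter_every` minutes) cross the tunnel.
    chatter_every=0 means no background traffic at all.
    """
    samples = []
    for minute in range(1, minutes + 1):
        nbytes = 50_000 if minute <= user_minutes else 0
        if chatter_every and minute % chatter_every == 0:
            nbytes += chatter_bytes
        samples.append((minute, nbytes))
    return samples


def idle_disconnect(samples, idle_timeout=IDLE_TIMEOUT_MIN, min_bytes=1):
    """Minute at which an idle timer fires, or None if it never does.

    Model assumption: a minute carrying at least `min_bytes` resets the timer.
    min_bytes=1 means "any traffic counts"; a larger value is a hypothetical
    reporting threshold for spotting effectively idle sessions.
    """
    quiet = 0
    for minute, nbytes in samples:
        quiet = 0 if nbytes >= min_bytes else quiet + 1
        if quiet >= idle_timeout:
            return minute
    return None


def session_end(samples, idle_timeout=IDLE_TIMEOUT_MIN, cap=SESSION_CAP_MIN):
    """Minute the session ends under idle timer plus absolute cap, and why."""
    idle_at = idle_disconnect(samples, idle_timeout)
    last = samples[-1][0] if samples else 0
    if idle_at is not None and idle_at <= cap:
        return idle_at, "idle-timeout"
    if last >= cap:
        return cap, "session-cap"
    return None, "still-connected"


if __name__ == "__main__":
    for name, every in (("quiet client", 0), ("chatty client", 2)):
        s = make_session(13 * 60, user_minutes=30, chatter_every=every)
        print(name, session_end(s), "effectively idle at", idle_disconnect(s, min_bytes=1000))
```

In this model the chatty client is only dropped by the 12-hour cap, while a byte threshold over the same samples marks it as effectively idle from minute 35.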