ciscoasa(config-group-policy)# vpn-access-hours value my-vpn-restriction
The time range of 04:00 to 05:00 permits VPN access between the hours of 10:00 PM to 11:00 PM CST. You apply this time-range within the group policy you want to affect. Any client VPN connection made during this time will live past the end time so long as the idle timeout is not exceeded. So, if a client connects at 10:59 PM they will be permitted to use the VPN for as long as they need to despite exceeding the VPN access time.
The way to work around this is to implement a VPN session timeout value within the group policy as well.
The 30 signifies the number of minutes the VPN connection will stay alive before the ASA resets the connection. <1-35791394> is the number of minutes that can be set. After the session timeout period has been exceeded, the client VPN software will alert the user that the VPN connection has been terminated, at which point they can reconnect. If it falls within access hours, great. Otherwise, the client must wait until the appropriate time to reconnect.
So in the above example, if the user connects to the VPN at 10:59 PM their session will last 30 minutes and end at 11:29 PM. Any reconnection attempt will result in the password box continuously being presented as if they had invalid credentials. The caveat with this method is that normal VPN connections during business hours will also be disconnected every 30 minutes, creating a possible inconvenience for your users.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :