Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

user VPN session timeout on PIX 6.3

Good day!

We have PIX 6.3(4) and use it as VPN gateway (pp2p and ipsec clients). User authentication is via RADIUS.

How to set session timeout on each user?

On vpngroup it is done through a command

"vpngroup max-time ...", but it extends on all user connected by IPSEC client and this group. But we want to set different value of session timeout to different user.

I tried to use reply item "Session timeout" on radius, but nothing happened (the user remains connected as far as he wants)

And one more question...

How can i disconnect vpn user from pix using CLI or snmp or something else?

but only one user,the others should remain connected!

Thanks!

1 REPLY

Re: user VPN session timeout on PIX 6.3

I think for RADIUS you need ACS because of its "RADIUS Cisco VPN3000" type. This might help: http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094a03.shtml

for IPsec you could setup a different vpngroup for the user, then use:

vpngroup group_name idle-time idle_seconds

vpngroup group_name max-time max_seconds

vpngroup group_name user-idle-timeout user_idle_seconds

[see http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/tz.htm#wp1099471]

Refer to http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/tz.htm#wp1083965 for how to clear a PPTP user off by CLI.

188
Views
0
Helpful
1
Replies
CreatePlease login to create content