Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN concentrator 3020 - wait for user logout before poweroff

Dear Forum Community!

We have a Cisco 3020 concentrator VPN load-balancing cluster configured, the device at primary site operating with master priority. We would like to shut down the master device because of a short maintenance.

I wonder if there is an option in VPN concentrator GUI, which waits for all active sessions to voluntary terminate before shutdown/reboot. Does anybody have any experience about this feature?

There are always ~80-100 remote access VPN user online, and don't want to break these user's connections with a simple poweroff.

Thanks and BR

Belabacsi

Budapest, Hungary

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: VPN concentrator 3020 - wait for user logout before poweroff

I just wanted to clarify two things.

I always save my configuration file ahead of rebooting.  That is why I reboot without saving. I think my wording may have been misleading. 

If you require your clients to re-authenticate the VPN session after a specified period of time, for example 10 hours, the VPN session will be moved to another cluster member when the session is re-authenticated.  Each client won't have to re-establish the VPN session on another concentrator in the cluster.   If you are not using this feature you'll have to wait until each of them terminates his VPN session.

3 REPLIES
Silver

Re: VPN concentrator 3020 - wait for user logout before poweroff

Yes, I have a lot of experience with that feature, it is wonderful.  The setting to change is:

Administration -> System Reboot

Click the radio button for:  Shutdown without automatic reboot

Click the radio button for whatever is appropriate for saving your configuration file.  I always make sure my configuration file is saved, so I usually chose: Reboot without saving active configuration file

Last, and most important, click the radio button for Wait for sessions to terminate (don't allow new sessions)

If the device is the cluster master, one of the other cluster members will immediately take over as the master.

I have never had a problem with this disrupting service.  It is a great feature for managing changes without disrupting anyone.

HTH

Silver

Re: VPN concentrator 3020 - wait for user logout before poweroff

I just wanted to clarify two things.

I always save my configuration file ahead of rebooting.  That is why I reboot without saving. I think my wording may have been misleading. 

If you require your clients to re-authenticate the VPN session after a specified period of time, for example 10 hours, the VPN session will be moved to another cluster member when the session is re-authenticated.  Each client won't have to re-establish the VPN session on another concentrator in the cluster.   If you are not using this feature you'll have to wait until each of them terminates his VPN session.

New Member

Re: VPN concentrator 3020 - wait for user logout before poweroff

Dear slmansfield!

Thanks for Your answer! Great feature, working perfectly! :-)

Regards,

Belabacsi

661
Views
0
Helpful
3
Replies
CreatePlease login to create content