Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Group Policy

Hi,.

I am configuring group policies for local accounts on ASA 5510.

I need to restrict users to different log in hours. I can achieve that fine, but how do I force the user to be disconnected after the login time has expired.
I know there is the option for max connection time or idle timeout but would prefer to force the disconnect.

Any help would be appreciated

 

4 REPLIES
VIP Green

You can do the following to

You can do the following to limit RA VPN access to weekdays between 08:00 and 16:00.  Of course you can create different times, weekends only...etc.  just use the ? when configuring the time-range

time-range WEEKDAYS
 periodic weekdays 8:00 to 16:00

group-policy TEST attributes
 vpn-access-hours value WEEKDAYS

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
VIP Green

forgot to mention that under

forgot to mention that under the time-range configuration, absolute means it only occurs once.  Periodic means repeating.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
New Member

Thanks for the reply.If the

Thanks for the reply.

If the user is connected, will they be disconnected after 16:00 though?

In my testing this doesnt appear to happen without the maximum connection option configured.

VIP Green

As far as I know there is no

As far as I know there is no way of doing this without the maximum connection option configured (in version 9.1 and earlier)

As of version 9.2 the ASA has basic EEM capabilities.  So you could configure an absolute event that triggers at 16:00 and runs a script  that runs the command vpn-session-db logoff svc.  Then all RA VPN users will be logged off and will not be able to log back in.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
21
Views
0
Helpful
4
Replies
CreatePlease login to create content