03-02-2004 06:16 AM - edited 02-21-2020 10:09 AM
Two questions here:
1. Users who connect to the Internet through the Pix 501 are asked about every three minutes to enter their username and password. There must be a setting to change this; my reseller says there isn't.
2. Users who connect to the Internet the first time have their IE session hang. Clicking stop then refresh or home brings up the page. Any ideas?
Thanks in advance for any insights you might have
Jeff Charland
03-02-2004 06:58 AM
Jeff,
First rule is to never trust your salesman on technical issues ;). Your reseller is wrong. You can indeed change the time that a user is re-prompted to enter their credentials. There are essentially 2 settings you should know about on the PIX with respect to authentication timeouts:
1) the inactivity timer. This is just like it sounds. It will time out an authenticated session going through the PIX after it has reached X amount of time without passing any traffic. The default timer on the PIX for this setting is 0, which means we do not monitor (by default) inactivity time by the user.
2) the absolute timer. This, again, is as it sounds. This timer starts as soon as the user is authenticated and runs continuously. When the time is reached, the user is forced to re-authenticate when they attempt to start a new connection (such as clicking on a link in a web page). The default setting for the absolute timer is 5 mins.
We recommend that you do keep an absolute timer set for security purposes but for ease of access, you may want to tweak these settings. Something like this would not be an "off the wall" setting:
timeout uauth 1:00:00 absolute uauth 0:10:00 inactivity
These settings will force the user to re-authenticate every hour (absolute) and/or every 10 mins after the connection becomes idle.
And finally, no idea on #2 above. Does it happen with all users? Anyone tried Netscrape to see if this is an IE-only issue?
Scott
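Added example, not part of the original thread or Cisco's code: a small Python model of the two uauth timers as the reply above describes them, showing which new connections trigger a login prompt under the defaults and under the suggested settings. The function names, the sample `timeout xlate` line and the click timeline are constructed, and the model assumes the listed connections are the user's only traffic.

```python
import re

def hms(text):
    """Convert the PIX hh:mm:ss notation to seconds."""
    h, m, s = (int(p) for p in text.split(":"))
    return h * 3600 + m * 60 + s

def parse_uauth(line):
    """Return {'absolute': secs, 'inactivity': secs} from a 'timeout' line.
    Timers missing from the line fall back to the defaults given in the reply."""
    timers = {"absolute": 300, "inactivity": 0}  # 5 min absolute, 0 = not monitored
    pattern = r"uauth\s+(\d+:\d\d:\d\d)\s+(absolute|inactivity)"
    for value, kind in re.findall(pattern, line):
        timers[kind] = hms(value)
    return timers

def reauth_prompts(timers, connections):
    """Given the times (seconds) at which a user opens new connections, return
    [(time, reason)] for every connection that triggers a login prompt."""
    prompts, auth_at, last_seen = [], None, None
    for t in sorted(connections):
        if auth_at is None:
            reason = "initial"
        elif timers["absolute"] and t - auth_at >= timers["absolute"]:
            reason = "absolute"      # runs continuously from authentication
        elif timers["inactivity"] and t - last_seen >= timers["inactivity"]:
            reason = "inactivity"    # idle gap since the previous connection
        else:
            reason = None
        if reason:
            prompts.append((t, reason))
            auth_at = t              # absolute timer restarts at each login
        last_seen = t
    return prompts

# Constructed timeline: a click every 4 minutes for 64 minutes,
# then a 16-minute break before one more click.
CLICKS = list(range(0, 3841, 240)) + [4800]
DEFAULT = parse_uauth("timeout xlate 3:00:00")  # no uauth keywords: defaults
TUNED = parse_uauth("timeout uauth 1:00:00 absolute uauth 0:10:00 inactivity")

if __name__ == "__main__":
    for name, timers in (("default", DEFAULT), ("tuned", TUNED)):
        print(name, timers, reauth_prompts(timers, CLICKS))
```

With the default 5-minute absolute timer this steady browsing session is prompted at every second click; with the suggested line it is prompted once at the one-hour mark and once after the break.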
03-02-2004 06:59 AM
Sorry, I wanted to attach some reading in case you wanted to sanity check me:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/tz.htm#1026093
Scott
03-02-2004 10:10 AM
Thanks Scott,
You were right on the money. Went into PDM, found the settings and made the changes. Happy users = happy me.
After making the changes to the timeout settings, the problem with IE hanging seems to have gone away. Very strange. Also downloaded Netscape 7.1 and tried it. No problem at all. I guess I'll have to wait and see what happens from here on in.
Jeff Charland