Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1663
Views
0
Helpful
1
Replies

ASA Uauth Absolute Timeout

Go to solution
Alex Pfeil
Level 7
Level 7

‎02-15-2019 06:29 AM - edited ‎02-21-2020 08:49 AM

Can somebody explain what the absolute timeout is for a user authentication? Does it mean after this specific time, you have to authenticate again?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Alex Pfeil
Level 7
Level 7

‎02-18-2019 09:33 AM - edited ‎02-21-2019 07:43 AM

The official answer is that after 5 idle minutes, the user authentication is reset. I believe the idle time starts counting after they login.

Since it was only 5 minutes, I went ahead and ran a test. I caught a user that had been logged in for 12 seconds.  When the idle time hit 5:00 minutes, it gets rid of the authenticated user.  I even caught the user being removed from the show uauth with 1 Authenticated user still in the command.  After running the command shortly after, it showed 0 Authenticated users.

 

NotmyASAname#  show uauth
                        Current    Most Seen
Authenticated Users       1          4
Authen In Progress        0          11
user 'username' at 10.1.2.3, authenticated (idle for 0:00:12)
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
NotmyASAname#

user 'username' at 10.1.2.3, authenticated (idle for 0:04:59)
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
NotmyASAname#  show uauth
                        Current    Most Seen
Authenticated Users       1          4
Authen In Progress        0          11
NotmyASAname#  show uauth
                        Current    Most Seen
Authenticated Users       0          4
Authen In Progress        0          11
NotmyASAname#  show uauth

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Alex Pfeil
Level 7
Level 7

‎02-18-2019 09:33 AM - edited ‎02-21-2019 07:43 AM

The official answer is that after 5 idle minutes, the user authentication is reset. I believe the idle time starts counting after they login.

Since it was only 5 minutes, I went ahead and ran a test. I caught a user that had been logged in for 12 seconds.  When the idle time hit 5:00 minutes, it gets rid of the authenticated user.  I even caught the user being removed from the show uauth with 1 Authenticated user still in the command.  After running the command shortly after, it showed 0 Authenticated users.

 

NotmyASAname#  show uauth
                        Current    Most Seen
Authenticated Users       1          4
Authen In Progress        0          11
user 'username' at 10.1.2.3, authenticated (idle for 0:00:12)
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
NotmyASAname#

user 'username' at 10.1.2.3, authenticated (idle for 0:04:59)
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
NotmyASAname#  show uauth
                        Current    Most Seen
Authenticated Users       1          4
Authen In Progress        0          11
NotmyASAname#  show uauth
                        Current    Most Seen
Authenticated Users       0          4
Authen In Progress        0          11
NotmyASAname#  show uauth

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card