11-28-2022 06:15 AM
Hello Experts @balaji.bandi
I want to know what the default idle timeout on Cisco ASA AnyConnect is, and how to change it.
Also, I want to ensure that AnyConnect will disconnect every 10 hours. The goal is to make sure every user reauthenticates after 10 hours.
Please let me know how I can enforce this setting.
Thanks,
Lovejit Singh
11-28-2022 06:21 AM
11-28-2022 07:20 AM - edited 11-28-2022 07:20 AM
In practice, I seldom see vpn-idle-timeout (default = 30 minutes) drop a session unless the PC goes to sleep or is suspended.
We more commonly use the vpn-session-timeout (no default so sessions stay up indefinitely) to force the reauthentication that you mentioned wanting to do. Add a value (in minutes) and the session will display a countdown in the AnyConnect / Cisco Secure Client GUI showing the remaining time. An alert message will appear 30 minutes prior to the timeout being reached.
Both parameters are set in the group-policy section of the configuration. The same applies for both ASA- and FTD-based remote access VPN configurations.
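An added example, not part of the reply above or Cisco's own tooling: a small audit that reads a saved running-config and reports group policies whose vpn-session-timeout is missing, set to none, or longer than the 10-hour (600-minute) goal from the question. The policy names and config excerpt are constructed, and it assumes unset values are inherited from DfltGrpPolicy before falling back to the defaults stated in the reply.

```python
import re

# Constructed running-config excerpt (not from the thread); policy names are made up.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout 30
group-policy GP-STAFF attributes
 vpn-session-timeout 600
 vpn-tunnel-protocol ssl-client
group-policy GP-VENDOR attributes
 vpn-idle-timeout 15
 vpn-session-timeout none
group-policy GP-ADMIN attributes
 vpn-session-timeout 1440
"""

MAX_SESSION_MINUTES = 600  # the 10-hour reauthentication goal from the question

def parse_group_policies(config):
    """Return {policy: {keyword: minutes or None}} for keywords set explicitly."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), {})
        elif not line.startswith(" "):
            current = None  # left the group-policy sub-mode
        elif current is not None:
            m = re.match(r"\s+(vpn-idle-timeout|vpn-session-timeout) (\d+|none)\b", line)
            if m:
                current[m.group(1)] = None if m.group(2) == "none" else int(m.group(2))
    return policies

def audit(config, max_session=MAX_SESSION_MINUTES):
    """Return {policy: finding} for policies that do not force reauthentication in time."""
    policies = parse_group_policies(config)
    # Assumption: unset values are inherited from DfltGrpPolicy, then fall back to
    # the defaults stated in the reply (idle 30 minutes, no session timeout).
    base = {"vpn-idle-timeout": 30, "vpn-session-timeout": None}
    base.update(policies.get("DfltGrpPolicy", {}))
    findings = {}
    for name, explicit in policies.items():
        session = {**base, **explicit}["vpn-session-timeout"]
        if session is None:
            findings[name] = "no session timeout: sessions stay up indefinitely"
        elif session > max_session:
            findings[name] = f"session timeout {session} min exceeds {max_session} min"
    return findings
```

Calling audit() on the sample flags DfltGrpPolicy, GP-VENDOR and GP-ADMIN; GP-STAFF passes because it sets vpn-session-timeout 600.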