11-28-2022 06:15 AM
Hello Experts @balaji.bandi
I want to know what the default idle timeout on Cisco ASA AnyConnect is, and how to change it.
Also, I want to ensure that AnyConnect will disconnect every 10 hours. The goal is to make sure every user reauthenticates after 10 hours.
Please let me know how I can enforce this setting.
Thanks,
Lovejit Singh
11-28-2022 06:21 AM
11-28-2022 07:20 AM - edited 11-28-2022 07:20 AM
In practice, I seldom see vpn-idle-timeout (default = 30 minutes) drop a session unless the PC goes to sleep or is suspended.
We more commonly use the vpn-session-timeout (no default so sessions stay up indefinitely) to force the reauthentication that you mentioned wanting to do. Add a value (in minutes) and the session will display a countdown in the AnyConnect / Cisco Secure Client GUI showing the remaining time. An alert message will appear 30 minutes prior to the timeout being reached.
Both parameters are set in the group-policy section of the configuration. The same applies for both ASA- and FTD-based remote access VPN configurations.
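To check that every group policy actually enforces the 10-hour (600-minute) limit discussed above, the following is an added example, not part of the original reply and not Cisco code. It parses group-policy attribute blocks from a saved configuration and flags policies where `vpn-session-timeout` is missing, `none`, or above the limit; the policy names and the sample configuration are constructed for illustration.

```python
import re

MAX_SESSION_MINUTES = 600  # 10 hours, the re-authentication interval asked about
# Constructed sample of group-policy configuration; policy names are hypothetical.
SAMPLE_CONFIG = """\
group-policy GP-STAFF internal
group-policy GP-STAFF attributes
 vpn-idle-timeout 30
 vpn-session-timeout 600
group-policy GP-CONTRACTORS internal
group-policy GP-CONTRACTORS attributes
 vpn-session-timeout none
group-policy GP-LEGACY internal
group-policy GP-LEGACY attributes
 vpn-session-timeout 1440
group-policy GP-UNSET internal
group-policy GP-UNSET attributes
 dns-server value 192.0.2.53
"""

def parse_group_policies(config):
    """Return {policy name: {timeout attribute: value}} from the config text."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), {})
        elif not line.startswith(" "):
            current = None  # back at top level, outside any attributes block
        elif current is not None:
            m = re.match(r"\s+(vpn-(?:idle|session)-timeout) (\d+|none)\s*$", line)
            if m:
                current[m.group(1)] = m.group(2)
    return policies

def audit(config, limit=MAX_SESSION_MINUTES):
    """Return {policy name: reason} for policies that do not enforce the limit."""
    findings = {}
    for name, attrs in parse_group_policies(config).items():
        value = attrs.get("vpn-session-timeout")
        if value is None:
            findings[name] = "vpn-session-timeout not set in this policy"
        elif value == "none":
            findings[name] = "vpn-session-timeout none (no forced re-authentication)"
        elif int(value) > limit:
            findings[name] = f"vpn-session-timeout {value} exceeds {limit} minutes"
    return findings

if __name__ == "__main__":
    print("\n".join(f"{p}: {r}" for p, r in audit(SAMPLE_CONFIG).items()))
```

A policy flagged as "not set" takes its value from the policy it inherits from, so check that parent policy as well.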