Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1998
Views
0
Helpful
2
Replies

Cisco ASA - AnyConnect default idle timeout

Go to solution
LovejitSingh130013
Level 1
Level 1

‎11-28-2022 06:15 AM

Hello Experts @balaji.bandi  

I want to know what's the default idle timeout on Cisco ASA AnyConnect? and how to change it.

Also, I want to ensure that AnyConnect will disconnect every 10 hours. The goal is to make sure every user reauthenticates after 10 hours.

Please let me know how I can enforce this setting.

 

Thanks,

 

Lovejit Singh

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-28-2022 07:20 AM - edited ‎11-28-2022 07:20 AM

In practice, I seldom see vpn-idle-timeout (default = 30 minutes) drop a session unless the PC goes to sleep or is suspended.

We more commonly use the vpn-session-timeout (no default so sessions stay up indefinitely) to force the reauthentication that you mentioned wanting to do. Add a value (in minutes) and the session will display a countdown in the AnyConnect / Cisco Secure Client GUI showing the remaining time. An alert message will appear 30 minutes prior to the timeout being reached.

Both parameters are set in the group-policy section of the configuration. The same applies for both ASA- and FTD-based remote access VPN configurations.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-28-2022 07:20 AM - edited ‎11-28-2022 07:20 AM

In practice, I seldom see vpn-idle-timeout (default = 30 minutes) drop a session unless the PC goes to sleep or is suspended.

We more commonly use the vpn-session-timeout (no default so sessions stay up indefinitely) to force the reauthentication that you mentioned wanting to do. Add a value (in minutes) and the session will display a countdown in the AnyConnect / Cisco Secure Client GUI showing the remaining time. An alert message will appear 30 minutes prior to the timeout being reached.

Both parameters are set in the group-policy section of the configuration. The same applies for both ASA- and FTD-based remote access VPN configurations.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card