
How to disable 2h timer when using Anyconnect VPN

pgaznavi8
Level 1

Hi,

I have been trying to find where the setting is to limit the time that someone can use VPN using AnyConnect on a Firepower 2110 appliance. For some reason I cannot find it or locate it, and I want to disable the time limit. When someone connects with VPN, it shows the connection will terminate in 2 hours. Can someone please point me in the right direction on that one and what setting I need to change to turn that off?

 

Thank you!!

Screenshot 2022-10-03 134317.jpg

 Screenshot 2022-10-03 134443.jpg 


VPN idle timeout must be configured longer than 2 hours.

Sheraz.Salim
VIP Alumni

Reference from 

vpn-idle-timeout 30 = the amount of time the VPN connection is idle, i.e. no activity seen on the tunnel, before it is disconnected.

vpn-session-timeout 900 = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.

 

If you are running the ASA code, in that case you can fine-tune them.

 

show run group-policy FirstGroup 
!
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# vpn-idle-timeout 15

 

And if you're running FTD code, in that case see this Cisco Document 

 

please do not forget to rate.

pgaznavi8
Level 1

Thanks! I'm trying to change these settings using Cisco ASDM version 7.12(2) 14. Where would I find those? There are just so many options and sections. I can locate the default policy, but still the settings, I guess, are named differently. Thanks

Screenshot 2022-10-03 180532.jpg

You would change it by editing the Group Policy associated with your VPN Connection Profile. Max Connect Time is the one you are seeing in the "countdown" in your client GUI.

VPN Max Connect Time and Idle Timeout

Thank you! So this is what I currently have set up for the default group policy.
pgaznavi8_0-1665426219165.png

And this is the policy that is applied to my users. I cannot find anything that mentions 2 hours' time limits.

pgaznavi8_1-1665426412665.png

 

Your AnyConnect behaviour is odd: from what you have shown in ASDM, your max connection time is unlimited, but the client shows the 2-hour window. This does not make sense. According to your ASDM config, your AnyConnect client should not see the time window (how much time is left). Could you please run the command "show run all group-policy" on the CLI of your firewall?

please do not forget to rate.

Sorry for the long delay. Totally agree, that is really weird. 

 

Here is the result from the command:

 

Result of the command: "show run all group-policy"

group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
banner none
wins-server value 10.1.2.13
dns-server value 10.1.2.5 10.55.1.60
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout none
vpn-idle-timeout alert-interval 1
vpn-session-timeout none
vpn-session-timeout alert-interval 1
vpn-filter none
ipv6-vpn-filter none
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
ipv6-split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain value abcimaging.com
split-dns none
split-tunnel-all-dns disable
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
client-bypass-protocol disable
gateway-fqdn none
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
msie-proxy pac-url none
msie-proxy lockdown enable
vlan none
address-pools none
ipv6-address-pools none
smartcard-removal-disconnect enable
scep-forwarding-url none
security-group-tag none
periodic-authentication certificate none
no vpn-simultaneous-login-delete-no-delay
client-firewall none
client-access-rule none
webvpn
url-list none
filter none
homepage none
html-content-filter none
port-forward name Application Access
port-forward disable
http-proxy disable
anyconnect ssl dtls enable
anyconnect mtu 1406
anyconnect firewall-rule client-interface private none
anyconnect firewall-rule client-interface public none
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect ssl compression none
anyconnect dtls compression none
anyconnect modules none
anyconnect profiles none
anyconnect ask none
customization none
keep-alive-ignore 4
http-comp gzip
download-max-size 2147483647
upload-max-size 2147483647
post-max-size 2147483647
user-storage none
storage-objects value cookies,credentials
storage-key none
hidden-shares none
smart-tunnel disable
activex-relay enable
unix-auth-uid 65534
unix-auth-gid 65534
file-entry enable
file-browsing enable
url-entry enable
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
smart-tunnel auto-signon disable
anyconnect ssl df-bit-ignore disable
anyconnect routing-filtering-ignore disable
smart-tunnel tunnel-policy tunnelall
always-on-vpn profile-setting
group-policy ABC-RadiusVPN internal
group-policy ABC-RadiusVPN attributes
banner none
dns-server value 10.1.2.79 10.1.2.80
vpn-session-timeout none
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value abcimaging.local_splitTunnelAcl
default-domain value corp.abcimaging.com
no vpn-simultaneous-login-delete-no-delay
webvpn
anyconnect profiles value ABC-RadiusVPNProfile type user
group-policy abcimaging.local internal
group-policy abcimaging.local attributes
wins-server value 10.1.2.13
dns-server value 10.1.2.5 10.55.1.60
vpn-tunnel-protocol ikev1 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value abcimaging.local_splitTunnelAcl
default-domain value abcimaging.com
no vpn-simultaneous-login-delete-no-delay
group-policy "GSA Secure" internal
group-policy "GSA Secure" attributes
wins-server none
dns-server none
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value GSA
no vpn-simultaneous-login-delete-no-delay
webvpn
anyconnect ssl dtls enable
anyconnect keep-installer none
anyconnect ssl keepalive 20
anyconnect ssl compression deflate
group-policy GroupPolicy internal
group-policy GroupPolicy attributes
vpn-tunnel-protocol ikev1 ssl-client
no vpn-simultaneous-login-delete-no-delay
group-policy GroupPolicy6 internal
group-policy GroupPolicy6 attributes
vpn-tunnel-protocol ssl-client
no vpn-simultaneous-login-delete-no-delay
group-policy GroupPolicy5 internal
group-policy GroupPolicy5 attributes
vpn-tunnel-protocol ikev1
no vpn-simultaneous-login-delete-no-delay
group-policy dallasdev internal
group-policy dallasdev attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
no vpn-simultaneous-login-delete-no-delay
group-policy GroupPolicy4 internal
group-policy GroupPolicy4 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
no vpn-simultaneous-login-delete-no-delay
group-policy GroupPolicy3 internal
group-policy GroupPolicy3 attributes
vpn-tunnel-protocol ikev1
no vpn-simultaneous-login-delete-no-delay
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
vpn-tunnel-protocol ikev1
no vpn-simultaneous-login-delete-no-delay
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
no vpn-simultaneous-login-delete-no-delay
group-policy aa internal
group-policy aa attributes
vpn-tunnel-protocol ssl-client
no vpn-simultaneous-login-delete-no-delay
group-policy Vo internal
group-policy Vo attributes
vpn-tunnel-protocol ssl-client
no vpn-simultaneous-login-delete-no-delay
group-policy Clientless-VPN-Policy internal
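
One way to check a dump like the one above for any group policy that sets the timers discussed in this thread, as an added example that is not part of any post: it parses `show run all group-policy` output and resolves `vpn-session-timeout` and `vpn-idle-timeout` per policy, with unset values inherited from `DfltGrpPolicy`. The sample input is constructed (the `Contractors` policy is hypothetical) and the function names are this example's own.

```python
import re

# Constructed sample: the first three policies are excerpted from the dump in
# this thread; "Contractors" is hypothetical, added to show a 2-hour limit.
SAMPLE = """\
group-policy DfltGrpPolicy attributes
vpn-idle-timeout none
vpn-session-timeout none
vpn-session-timeout alert-interval 1
group-policy ABC-RadiusVPN attributes
vpn-session-timeout none
group-policy "GSA Secure" attributes
vpn-tunnel-protocol ssl-client ssl-clientless
group-policy Contractors attributes
vpn-session-timeout 120
"""

HEADER = re.compile(r'^group-policy\s+(?:"([^"]+)"|(\S+))\s+(?:internal|attributes)\b')
TIMER = re.compile(r'^(vpn-session-timeout|vpn-idle-timeout)\s+(none|\d+)$')
TIMERS = ("vpn-session-timeout", "vpn-idle-timeout")

def parse_group_policies(text):
    """Map each policy name to the timers it sets explicitly (minutes or 'none')."""
    policies, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = policies.setdefault(header.group(1) or header.group(2), {})
            continue
        timer = TIMER.match(line)  # "alert-interval" lines do not match
        if timer and current is not None:
            current[timer.group(1)] = timer.group(2)
    return policies

def effective_timers(policies, default="DfltGrpPolicy"):
    """Resolve each timer, falling back to the default policy when unset."""
    base = policies.get(default, {})
    result = {}
    for name, explicit in policies.items():
        result[name] = {
            t: (explicit[t], "explicit") if t in explicit
            else (base.get(t, "unknown"), "inherited")
            for t in TIMERS
        }
    return result

def session_limited(effective, minutes):
    """Names of policies whose effective session timeout equals `minutes`."""
    return [n for n, t in effective.items() if t["vpn-session-timeout"][0] == str(minutes)]
```

On the three policies excerpted from the thread, every effective session timeout resolves to `none`; only the hypothetical `Contractors` policy is reported by `session_limited(..., 120)`.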

