vpn-idle-timeout 1, VPN will never be disconnected.

The timeout setting for a VPN group is 1 minute.

vpn-idle-timeout 1

However, even after one minute, the VPN will never be disconnected.

What configuration do I need?

2 Accepted Solutions

Hi,

Yes, session timeout will terminate the VPN session as per the minutes you set. As per the config, the idle timeout of the VPN is set to 1 min, and you are facing the issue that the VPN is not getting disconnected after 1 min, right?

Did you check the inactivity time of an AnyConnect user with "sh vpn-sessiondb anyconnect filter name XXXX"?

If the inactivity reaches 1 min then VPN will get disconnected.  

#sh vpn-sessiondb anyconnect filter name abheesh

Session Type: AnyConnect

Username : abheesh Index : 2789
Assigned IP : XX.XX.XX.XX Public IP : XX.XX.XX.XX
Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES-GCM-256 DTLS-Tunnel: (1)AES256
Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA384 DTLS-Tunnel: (1)SHA1
Bytes Tx : 216584 Bytes Rx : 96473
Group Policy : XX.XX.XX.XX-POLICY
Tunnel Group : XX.XX.XX.XX-PROFILE
Login Time : 11:17:58 QA Sat Feb 29 2020
Duration : 0h:00m:40s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Security Grp : none

Hope This Helps

Abheesh


Hi, I have just tested this. Even though I set my idle-timeout to 1, it took 3 minutes for AnyConnect to disconnect. What I noted is that you have to make sure the AnyConnect client installed on the machine is not sending/receiving any traffic at all, which means the machine needs to be in silent mode so that it does not send any noise toward AnyConnect. If it is sending or receiving traffic, it would not disconnect from the ASA.

 


please do not forget to rate.
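
Added example (not part of the original posts and not Cisco code): a small check that applies both accepted answers to two captures of the "sh vpn-sessiondb anyconnect filter name XXXX" output, reporting whether the Inactivity timer is counting toward vpn-idle-timeout or is being reset by traffic. The user name, counter values and function names are constructed for the example, and only the 0h:00m:40s time format shown on this page is handled.

```python
import re

# Constructed snapshots in the layout of the output quoted above, for a
# made-up user; only the fields the check needs are kept.
SNAP_1 = """Username : alice Index : 11
Bytes Tx : 216584 Bytes Rx : 96473
Duration : 0h:04m:10s
Inactivity : 0h:00m:00s"""
SNAP_2 = """Username : alice Index : 11
Bytes Tx : 216912 Bytes Rx : 96801
Duration : 0h:05m:10s
Inactivity : 0h:00m:00s"""
SNAP_QUIET = """Username : alice Index : 11
Bytes Tx : 216584 Bytes Rx : 96473
Duration : 0h:04m:40s
Inactivity : 0h:00m:30s"""


def _seconds(hms):
    """Convert the 0h:00m:40s form shown on this page to seconds."""
    h, m, s = re.fullmatch(r"(\d+)h:(\d+)m:(\d+)s", hms).groups()
    return int(h) * 3600 + int(m) * 60 + int(s)


def parse_session(output):
    """Pull the counters and timers out of one session block."""
    raw = {}
    for key in ("Username", "Bytes Tx", "Bytes Rx", "Duration", "Inactivity"):
        match = re.search(rf"{key}\s*:\s*(\S+)", output)
        if match is None:
            raise ValueError(f"field {key!r} missing from output")
        raw[key] = match.group(1)
    return {"user": raw["Username"], "tx": int(raw["Bytes Tx"]),
            "rx": int(raw["Bytes Rx"]), "duration": _seconds(raw["Duration"]),
            "inactivity": _seconds(raw["Inactivity"])}


def diagnose(before, after, idle_timeout_min):
    """Compare two snapshots of one session against vpn-idle-timeout."""
    a, b = parse_session(before), parse_session(after)
    elapsed = b["duration"] - a["duration"]
    result = {"tx_delta": b["tx"] - a["tx"], "rx_delta": b["rx"] - a["rx"]}
    if b["inactivity"] >= idle_timeout_min * 60:
        result["verdict"] = "idle_timeout_reached"
    elif b["inactivity"] < elapsed:
        # Inactivity grew less than wall-clock time: traffic reset the timer.
        result["verdict"] = "timer_reset_by_traffic"
    else:
        result["verdict"] = "idle_timer_counting"
    return result
```

A "timer_reset_by_traffic" verdict with small byte deltas points at background traffic from the client machine keeping the session from ever reaching the idle timeout.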


20 Replies

Is this anyconnect or for site-to-site vpn?

please do not forget to rate.

remote vpn, anyconnect

Hi,
Try adding vpn-session-timeout value under group policy and check.

Hope This Helps

Abheesh

I added a config and tried the test several times.
But the VPN doesn't disconnect.

VPN-ASA-IMSI# sh run group-policy
group-policy GroupPolicy_VPN_IMSI internal
group-policy GroupPolicy_VPN_IMSI attributes
 wins-server none
 vpn-idle-timeout 1
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_IMSI_Tunnel
 webvpn
  anyconnect profiles value VPN_IMSI type user

here vpn-session-timeout 1 value under group policy and test it

please do not forget to rate.

I added a config and tried the test several times.
But the VPN doesn't disconnect.

VPN-ASA-IMSI# sh run group-policy
group-policy GroupPolicy_VPN_IMSI internal
group-policy GroupPolicy_VPN_IMSI attributes
 wins-server none
 vpn-idle-timeout 1
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_IMSI_Tunnel
 webvpn
  anyconnect profiles value VPN_IMSI type user

Okay, try changing the default-group idle-timeout.

 

group-policy DfltGrpPolicy attributes
 vpn-idle-timeout 1

please do not forget to rate.

group-policy DfltGrpPolicy attributes
 vpn-idle-timeout 1
group-policy GroupPolicy_VPN_IMSI internal
group-policy GroupPolicy_VPN_IMSI attributes
 wins-server none
 vpn-idle-timeout 1
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_IMSI_Tunnel
 webvpn
  anyconnect profiles value VPN_IMSI type user

 

After setting the monitor for 5 minutes, the VPN cannot be disconnected.

Hi, Change like below and test.

group-policy GroupPolicy_VPN_IMSI internal
group-policy GroupPolicy_VPN_IMSI attributes
 wins-server none
 vpn-idle-timeout 1
 vpn-session-timeout 1
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_IMSI_Tunnel

Hope This Helps

Abheesh

session-timeout: disconnects even when a tunnel is in use.
Am I right?
I want to disconnect the VPN when not in use.

You're right. I finished all the Windows processes with VPN connected and monitored without doing anything. No solution?

Can you share the output of "sh vpn-sessiondb anyconnect filter name XXXX"?