Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
35254
Views
25
Helpful
5
Replies

What is the difference between vpn-idle-timeout and vpn-session-timeout?

Go to solution
ttrevino1
Level 1
Level 1

‎12-05-2008 07:58 AM - edited ‎03-11-2019 07:21 AM

I have some users going through an 5520, and their session gets dropped at some point in the evening, rather than staying active until they disconnect. The config is set for:

vpn-idle-timeout 30

vpn-session-timeout 900

What is the difference in these 2? Does one override the other? Looking at these settings, I would think the session would drop after 30 minutes of inactivity, however, in another firewall, the config is set to:

vpn-idle-timeout 30

vpn-session-timeout none

and they don't ever get dropped.

Any suggestions? I need the vpn in the first config to not timeout overnight. Thanks, Tony

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎12-05-2008 08:10 AM

Tony

vpn-idle-timeout 30 = the amount of time the vpn connection is idle ie. no activity seen on the tunnel, before it is disconnected

vpn-session-timeout 900 = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.

Both times are in minutes. So setting vpn-session-timeout to none as on the other device means the session time is unlimited.

Jon

View solution in original post

5 Replies 5

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎12-05-2008 08:10 AM

Tony

vpn-idle-timeout 30 = the amount of time the vpn connection is idle ie. no activity seen on the tunnel, before it is disconnected

vpn-session-timeout 900 = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.

Both times are in minutes. So setting vpn-session-timeout to none as on the other device means the session time is unlimited.

Jon

Go to solution
ttrevino1
Level 1
Level 1
In response to Jon Marshall

‎12-05-2008 08:13 AM

Hi John, thanks for the help, that answered my question. Have a great day!

0 Helpful

Go to solution
ttrevino1
Level 1
Level 1
In response to Jon Marshall

‎12-05-2008 08:24 AM

Hey John, one last question, can I make this change without affecting currently connected vpn users?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to ttrevino1

‎12-05-2008 08:36 AM

Tony

Now you are asking :-). From memory i believe these settings are negotiated when a client first connects so if you change them it should only effect new connections and should not reset existing connections.

But i wouldn't want to bet my house on it, so if you could do during quiet time it would be best.

Jon

Go to solution
ttrevino1
Level 1
Level 1
In response to Jon Marshall

‎12-05-2008 08:39 AM

Okay, thanks. I'll just let them know when I'm going to do it, so they can disconnect and reconnect. Thanks again!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card