
Multiple Q's re: 3002

6callert
Level 1

1) I've a 3002 that is sporadically used for some remote office connectivity. I seem to recall that the 3002 could be configured for individual user authentication such that when users opened a browser they would be redirected to the authentication screen.

Is this still possible, or am I confused about the previous user interaction? When I did this last I was running Concentrator 4.0.0Rel; I'm now on 4.1.7E.

2) Once I've authenticated the user I want them to stay online as long as possible (days if possible). This seems to be possible so long as the client does not do a DHCP request or reboot.

a) Am I correct in my assumption around DHCP?

b) Are there any hard limits on session length with user authentication enabled?

c) What other factors affect session length?

Thanks!

2 Replies

gfullage
Cisco Employee

1. This is certainly still possible in 4.1(7) code, but it is actually configured under the Group parameters on the head-end concentrator that you're connecting into. See http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_1/config/usermgt.htm#wp1851484 for details of the config on the VPN3000 side.

2. Even a DHCP request should keep the tunnel up, provided the IP address doesn't change (which it normally wouldn't).

3. No limits, I use a 3002 at home to connect into Cisco's network and I've had the VPN tunnel stay up for around 20 days before.

4. The main issue I personally run into is my Internet DSL connection. That tends to drop out every few days or so, which brings the tunnel down. Also, there will need to be traffic flowing from behind the 3002 across the tunnel for the 3002 to keep building new security associations each hour when they would normally time out (I have an IP phone behind my 3002 which sends traffic out constantly). Other than that, as long as there is no hard session timeout set on the head-end, the tunnel should stay up forever.

I will take a look into the link you provided. However, my other questions are related to the (authenticated) client sessions behind the 3002. I want to authenticate the user via individual user authentication and then leave them alone for as long as possible.