Salman Mahajan
Cisco Employee

On ASA/FTD, the following connection parameters terminate the VPN session based on timeouts:

  • Maximum Connect Time—Sets the maximum user connection time in minutes. At the end of this time, the system terminates the connection. You can also allow unlimited connection time (default).

  • VPN Idle Timeout—Terminates any user’s session when the session is inactive for the specified time. If the VPN idle timeout is not configured, then the default idle timeout is used.

  • Default Idle Timeout—Terminates any user’s session when the session is inactive for the specified time. The default value is 30 minutes (or 1800 seconds).

To log off all users at a specific time, we can configure an EEM script (examples below).

Note: In the case of FTD, this must be configured through FlexConfig.

In the examples below:

  • We define an absolute timer event. Absolute (once-a-day) timers cause an event to occur once a day at a specified time, and restart automatically. The time-of-day format is hh:mm:ss.

  • When an event manager applet is triggered by the absolute timer event, the actions of the applet are performed, i.e. remote users are logged off at a specific time.

EXAMPLE 1: Event manager applet that terminates the users every day at 10:45 PM

event manager applet Logoff
description Logoff every night
event timer absolute time 22:45:00
action 1 cli command "vpn-sessiondb logoff anyconnect noconfirm"
output none 

EXAMPLE 2: Event manager applet that terminates the users every day at 10:45 PM and sends the output of the action commands to a new file for each event manager applet that is invoked. The filename has the format eem-applet-timestamp.log, in which applet is the name of the event manager applet and timestamp is a dated timestamp in the format YYYYMMDD-hhmmss (see below).

event manager applet Logoff
description Logoff every night
event timer absolute time 22:45:00
action 1 cli command "vpn-sessiondb logoff anyconnect noconfirm"
output new 

OUTPUT OF ACTION TAKEN, SAVED IN FLASH:

ciscoasa(config)# more flash:/eem-Logoff-20230503-224500.log
Reason for log file generation:
absolute timer expired
------------------ vpn-sessiondb logoff anyconnect noconfirm @ 2023/05/03 22:45:00 ------------------
INFO: Number of sessions of type "anyconnect" logged off : 1
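
An added example, not part of the original article: a Python sketch that parses the `output new` log file shown above and flags runs that deviate from the nightly schedule. The function names, the 22:45:00 default, and the rule that any reason other than "absolute timer expired" counts as unexpected are assumptions of this example.

```python
import re
from datetime import datetime

# Filename format given in the article: eem-<applet>-YYYYMMDD-hhmmss.log
NAME_RE = re.compile(r"eem-(?P<applet>.+)-(?P<ts>\d{8}-\d{6})\.log$")
# Separator line that precedes each action's output in the log
ACTION_RE = re.compile(r"^-+ (?P<cmd>.+?) @ (?P<when>[\d/]+ [\d:]+) -+$")
COUNT_RE = re.compile(r'sessions of type "([^"]+)" logged off\s*:\s*(\d+)')

def parse_eem_log(filename, text):
    """Return applet name, file timestamp, trigger reason and per-action results."""
    m = NAME_RE.search(filename)
    if not m:
        raise ValueError(f"not an EEM output file name: {filename}")
    rec = {"applet": m["applet"],
           "file_time": datetime.strptime(m["ts"], "%Y%m%d-%H%M%S"),
           "reason": None, "actions": []}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if ln.startswith("Reason for log file generation") and i + 1 < len(lines):
            rec["reason"] = lines[i + 1]  # the reason is on the following line
        elif (a := ACTION_RE.match(ln)):
            rec["actions"].append({"cmd": a["cmd"], "when": a["when"], "logged_off": None})
        elif (c := COUNT_RE.search(ln)) and rec["actions"]:
            rec["actions"][-1]["logged_off"] = int(c.group(2))
    return rec

def audit(rec, expected_time="22:45:00"):
    """List deviations from the scheduled nightly logoff; an empty list means OK."""
    findings = []
    if rec["file_time"].strftime("%H:%M:%S") != expected_time:
        findings.append("applet ran at an unexpected time")
    if rec["reason"] != "absolute timer expired":  # assumption: only timer runs are expected
        findings.append(f"unexpected trigger: {rec['reason']}")
    logoffs = [a for a in rec["actions"] if a["cmd"].startswith("vpn-sessiondb logoff")]
    if not logoffs:
        findings.append("no vpn-sessiondb logoff action recorded")
    elif any(a["logged_off"] is None for a in logoffs):
        findings.append("logoff ran but no session count was reported")
    return findings

# File name and log text as shown in the article
SAMPLE_NAME = "eem-Logoff-20230503-224500.log"
SAMPLE_TEXT = """Reason for log file generation:
absolute timer expired
------------------ vpn-sessiondb logoff anyconnect noconfirm @ 2023/05/03 22:45:00 ------------------
INFO: Number of sessions of type "anyconnect" logged off : 1
"""
print(audit(parse_eem_log(SAMPLE_NAME, SAMPLE_TEXT)))
```

Run against log files copied off the device's flash, this gives a per-night record of whether the logoff fired and how many sessions it ended.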


REFERENCED LINK :- ASA EEM feature

 
