Router Anyconnect SSL timeout

laposilaszlo
Level 1

Hi,

I have the following Anyconnect SSL configuration:

webvpn gateway SSLVPNGW
 ip address a.b.c.d port 443
 ssl trustpoint abc.ro
 logging enable
 no inservice
 !
webvpn install svc flash0:/webvpn/anyconnect-win-4.2.02075-k9.pkg sequence 1
 !
webvpn context VPN1
 ssl authenticate verify all
 !
 !
 policy group MYPOLICY
   functions svc-enabled
   svc address-pool "SSL-POOL" netmask 255.255.255.0
   svc keep-client-installed
   svc split include 192.168.0.0 255.255.0.0
   svc dns-server primary 192.168.88.77
 !
 policy group MYPOLICY1
   functions svc-enabled
   timeout idle 28800
   timeout session 28800
   svc address-pool "SSL-POOL" netmask 255.255.255.0
   svc keep-client-installed
   svc split include 192.168.0.0 255.255.0.0
   svc dns-server primary 192.168.88.77
 virtual-template 8
 default-group-policy MYPOLICY1
 aaa authentication list userauthen
 gateway SSLVPNGW
 max-users 30
 inservice

All works fine except the session and idle timeout.

No matter what I do, the client always gets 3600 seconds.

Example:

Username          : abc               Num Connection : 2
Public IP         : a.b.c.d VRF Name       : None
Context           : VPN1                 Policy Group   : MYPOLICY1
Last-Used         : 00:00:00             Created        : 09:45:46.189 RO Thu Apr 7 2016
Session Timeout   : 3600                 Idle Timeout   : 3600
DNS primary serve : 192.168.88.77
DPD GW Timeout    : 300                  DPD CL Timeout : 300
Address Pool      : SSL-POOL             MTU Size       : 1399
Rekey Time        : 3600                 Rekey Method   :
Lease Duration    : 3600
Tunnel IP         : 192.168.91.38        Netmask        : 255.255.255.0
Rx IP Packets     : 4                    Tx IP Packets  : 12
CSTP Started      : 00:00:11             Last-Received  : 00:00:00
CSTP DPD-Req sent : 0                    Virtual Access : 2
Msie-ProxyServer  : None                 Msie-PxyPolicy : Disabled
Msie-Exception    :
Split Include     : 192.168.0.0 255.255.0.0
Client Ports      : 1304 1306
DTLS Port         : 1313

Can someone help me change this to something longer?

Thank you,

Laszlo

3 Replies

Aditya Ganjoo
Cisco Employee

Hi,

The following example sets the idle timer to 30 minutes and session timer to
10 hours:

Router(config)# webvpn context SSL_Context
Router(config-webvpn-context)# policy group SSL_Group
Router(config-webvpn-group)# timeout idle 1800
Router(config-webvpn-group)# timeout session 36000

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Well in my policy it is also set to:

 policy group MYPOLICY1
   functions svc-enabled
   timeout idle 28800
   timeout session 28800

The problem is that it is not applied to the user session.

I tried to recreate the context and the service...same result.

thanks,

Laszlo

Problem solved.

Attributes are sent from RADIUS and overwrite the ones sent on the router.

thanks,

laszlo
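
The check below is an added example, not part of the thread or of any Cisco tooling: it compares the timers configured in a policy group with the timers shown in the session detail output, which is how the mismatch described above (28800 configured, 3600 effective) can be spotted during an audit. The function names are hypothetical and the sample inputs are constructed, abridged from the configuration and session output posted in the thread.

```python
import re

# Constructed sample inputs, abridged from the config and session output in the thread.
CONFIG = """\
webvpn context VPN1
 policy group MYPOLICY
   functions svc-enabled
 policy group MYPOLICY1
   functions svc-enabled
   timeout idle 28800
   timeout session 28800
 default-group-policy MYPOLICY1
"""
SESSION = """\
Username          : abc               Num Connection : 2
Context           : VPN1                 Policy Group   : MYPOLICY1
Session Timeout   : 3600                 Idle Timeout   : 3600
"""

def policy_timeouts(config):
    """Return {group: {'idle': secs, 'session': secs}} from 'policy group' blocks."""
    groups, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["policy", "group"] and len(words) == 3:
            current = groups.setdefault(words[2], {})
        elif words[:1] == ["timeout"] and len(words) == 3 and current is not None:
            current[words[1]] = int(words[2])
        elif line and not line.startswith("   "):
            current = None  # left the policy-group sub-mode
    return groups

def session_fields(output):
    """Extract the policy group name and the effective timers from session output."""
    found = {}
    for key, label in (("group", "Policy Group"), ("session", "Session Timeout"),
                       ("idle", "Idle Timeout")):
        m = re.search(rf"{label}\s*:\s*(\S+)", output)
        found[key] = m.group(1) if m else None
    return found

def timeout_overrides(config, output):
    """List (timer, configured, effective) where the session differs from its group."""
    sess = session_fields(output)
    configured = policy_timeouts(config).get(sess["group"], {})
    diffs = []
    for timer in ("idle", "session"):
        want, got = configured.get(timer), sess[timer]
        if want is not None and got is not None and int(got) != want:
            diffs.append((timer, want, int(got)))
    return diffs
```

A non-empty result means the effective timers did not come from the policy group, so the next place to look is whatever else can supply them, such as the AAA server in this thread.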