04-06-2016 11:54 PM - edited 02-21-2020 08:45 PM
Hi,
I have the flowing Anyconnect SSL configuration:
webvpn gateway SSLVPNGW
ip address a.b.c.d port 443
ssl trustpoint abc.ro
logging enable
no inservice
!
webvpn install svc flash0:/webvpn/anyconnect-win-4.2.02075-k9.pkg sequence 1
!
webvpn context VPN1
ssl authenticate verify all
!
!
policy group MYPOLICY
functions svc-enabled
svc address-pool "SSL-POOL" netmask 255.255.255.0
svc keep-client-installed
svc split include 192.168.0.0 255.255.0.0
svc dns-server primary 192.168.88.77
!
policy group MYPOLICY1
functions svc-enabled
timeout idle 28800
timeout session 28800
svc address-pool "SSL-POOL" netmask 255.255.255.0
svc keep-client-installed
svc split include 192.168.0.0 255.255.0.0
svc dns-server primary 192.168.88.77
virtual-template 8
default-group-policy MYPOLICY1
aaa authentication list userauthen
gateway SSLVPNGW
max-users 30
inservice
All works fine except the session and idle timeout.
No Mather what I do the client always get 3600 seconds.
Example:
Username : abc Num Connection : 2
Public IP : a.b.c.d VRF Name : None
Context : VPN1 Policy Group : MYPOLICY1
Last-Used : 00:00:00 Created : 09:45:46.189 RO Thu Apr 7 2016
Session Timeout : 3600 Idle Timeout : 3600
DNS primary serve : 192.168.88.77
DPD GW Timeout : 300 DPD CL Timeout : 300
Address Pool : SSL-POOL MTU Size : 1399
Rekey Time : 3600 Rekey Method :
Lease Duration : 3600
Tunnel IP : 192.168.91.38 Netmask : 255.255.255.0
Rx IP Packets : 4 Tx IP Packets : 12
CSTP Started : 00:00:11 Last-Received : 00:00:00
CSTP DPD-Req sent : 0 Virtual Access : 2
Msie-ProxyServer : None Msie-PxyPolicy : Disabled
Msie-Exception :
Split Include : 192.168.0.0 255.255.0.0
Client Ports : 1304 1306
DTLS Port : 1313
Can someone help me change this to something longer?
Thank you,
Laszlo
04-07-2016 12:00 AM
Hi,
The following example sets the idle timer to 30 minutes and session timer to
10 hours:
Router(config)# webvpn context SSL_Context
Router(config-webvpn-context)# policy group SSL_Group
Router(config-webvpn-group)# timeout idle 1800
Router(config-webvpn-group)# timeout session 36000
Regards,
Aditya
Please rate helpful posts and mark correct answers.
04-07-2016 12:21 AM
Well in my policy it is also set to:
policy group MYPOLICY1
functions svc-enabled
timeout idle 28800
timeout session 28800
The problem is that it is not applied to the user session.
I tried to recreate the context and the service...same result.
thanks,
Laszlo
04-07-2016 01:42 AM
problem solved.
attributes are sent from radius and overwrites the ones sent on the router.
thanks,
laszlo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide