Allow users to "refresh" their VPN connection

MyNDIrish
Level 1

I am thinking of something like this

[image: refresh.png]

where, instead of 

1. wait for timer to run out

2. get disconnected

3. reconnect

4. restore all the VPN putty and/or other connections that were disconnected

 

do this

1. click refresh

2. reconnect (in the same manner as a normal reconnect, including security)

 

That way you won't have to do step 4, especially if you are in the middle of a meeting.

4 Replies

Pablo
Cisco Employee

You should consider increasing the disconnection timer to a value that doubles/triples the user's working hours; this will allow the user to manually disconnect the session when done for the day.

 

A 'refresh' button will defeat the purpose of the VPN session timeout configured under the group policy (default is none). This feature is usually implemented for security reasons, or to avoid keeping idle VPN sessions that take up resources on the VPN gateway.

 

HTH.  

-Pablo 

MyNDIrish

Not sure you get what I am trying to do here. Three options:

 

1. Timer is hit and it disconnects you from VPN (and wipes out all your ongoing putty sessions)

2. Disconnect and then reconnect (which wipes out all your ongoing putty sessions)

3. Refresh (has to be done BEFORE the timer is hit). You still have to re-login and re-certify yourself. Exactly the same thing you do when you connect to the VPN. Basically all this does is reset the disconnect timer to what it was originally (in my case, 7 days).

 

It's that LAST one that doesn't wipe out all your ongoing putty sessions. It never breaks the VPN connection.

Pablo

It seems that you need to reconsider why a session timeout is configured in your group policy when you don’t want/need to be disconnected at all.

Your ‘refresh’ idea would require the user to be either near the computer when the timer is about to expire, or to remember to hit the ‘refresh’ button every once in a while; otherwise the session will be dropped anyway.

In any case, you can bring up this idea to your Cisco account team, so they can present it to the AnyConnect business unit. 

-Pablo

MyNDIrish

As you state, I am not trying to change the timeout processing one iota. If I don't do anything, I'm disconnected. Fine... security is happy.

 

What I am trying to do is avoid the disconnect by securely refreshing my VPN session within the timeout window. My timeout is currently set up as a week, which is a lot better than it was - one day.

 

I work as a support engineer. Sometimes I have up to 10 putty sessions going at any given time. Some issue is happening that I am trying to monitor (through a recurring SQL statement that runs every 15 minutes), or I am capturing data with a tail -f logFile.log | grep somethingInteresting | tee -a someOtherLogFile.

 

Here's what I normally do now.

1. see the dreaded disconnect about to happen

2. copy all the latest putty command sessions into a text file

3. either wait for the disconnect, or do an explicit disconnect/connect so I can move on with my day

4. open all the putty sessions up again

5. get to the right directory

6. execute the command again

 

Here is what I want to do

1. see the dreaded disconnect about to happen

2. click the refresh button

3. login again

 

Done. How are steps 2-3 in my preferred method any less secure than step 3 in my current process flow? The main thing it does is save me 30 minutes from having to re-establish all my connections.

 

Yes, there are ways to get around this and I've tried a lot of them. I can nohup my command. I can set up the command in a shell script and re-run the shell script instead of cutting and pasting the whole command. I can execute the command out of history.

 

My main problem with all that is they are workarounds to getting disconnected in the first place. I was hoping I could mention something that should be a no-brainer - probably easy to implement without changing the security pattern at all - and get someone to say "wow... that IS a good idea. I can push this one up the chain of command and add a new feature to our product that a lot of people can use."

 

But apparently not. Or maybe you don't do enough putty sessions. Or I got the wrong person looking at this note and they're just not getting it.

 

I work for a large company and have no idea who my Cisco account team is. Maybe I'll try and post something through my IT group, but they are probably going to be as useful as this chat.
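The nohup-and-shell-script workaround mentioned in the thread, sketched as an added example for this page rather than code from the original posts: it keeps the group-policy session timeout untouched and instead makes each long-running monitor survive the disconnect. The helper names, the state directory under ~/.vpn-monitors and the availability of pkill are assumptions.

```shell
# Hypothetical helpers written for this thread, not code from the original posts.
# Keep the group-policy session timeout, but run each long monitoring command
# detached from the PuTTY/SSH session so a VPN drop does not kill it, and record
# enough state to find it again after reconnecting.
STATE_DIR="${MONITOR_STATE_DIR:-$HOME/.vpn-monitors}"   # assumed location

# start_monitor NAME WORKDIR 'COMMAND STRING'
# Runs the command via "sh -c" (so tail|grep|tee pipelines work) under nohup in
# the background, output appended to $STATE_DIR/NAME.out; records PID, cwd, cmd.
start_monitor() {
    name=$1; workdir=$2; cmd=$3
    mkdir -p "$STATE_DIR" || return 1
    (
        cd "$workdir" || exit 1
        # nohup ignores SIGHUP, the signal sent when the SSH session behind PuTTY drops.
        nohup sh -c "$cmd" >>"$STATE_DIR/$name.out" 2>&1 </dev/null &
        echo "$!" >"$STATE_DIR/$name.pid"
        printf '%s\n' "$workdir" >"$STATE_DIR/$name.cwd"
        printf '%s\n' "$cmd" >"$STATE_DIR/$name.cmd"
    )
}

# monitor_running NAME: succeeds if the recorded process is still alive.
monitor_running() {
    pidfile="$STATE_DIR/$1.pid"
    [ -f "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null
}

# list_monitors: after reconnecting, print each job's name, state, directory and
# command (tab separated), instead of re-typing everything from a scratch file.
list_monitors() {
    for pidfile in "$STATE_DIR"/*.pid; do
        [ -f "$pidfile" ] || continue
        name=$(basename "$pidfile" .pid)
        if monitor_running "$name"; then state=running; else state=dead; fi
        printf '%s\t%s\t%s\t%s\n' "$name" "$state" \
            "$(cat "$STATE_DIR/$name.cwd")" "$(cat "$STATE_DIR/$name.cmd")"
    done
}

# stop_monitor NAME: end the job (pipeline children first, then the sh wrapper)
# and drop its state files. pkill (procps) is assumed to be installed.
stop_monitor() {
    if monitor_running "$1"; then
        pid=$(cat "$STATE_DIR/$1.pid")
        pkill -P "$pid" 2>/dev/null || true
        kill "$pid" 2>/dev/null || true
    fi
    rm -f "$STATE_DIR/$1.pid" "$STATE_DIR/$1.cwd" "$STATE_DIR/$1.cmd"
}
```

A job started this way keeps running through the VPN drop, and list_monitors after reconnecting shows what is still alive and in which directory, which replaces steps 4 to 6 of the current routine.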