Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
13669
Views
0
Helpful
8
Replies

Anyconnect and session timeout

ehermansen
Level 1
Level 1

‎06-26-2019 06:45 AM

Hi,

I have a client that wants to disconnect VPN after 8 hours. This works fine with session timeout.

Problem is that if someone is working with connections and or tunnels they will be disconnected. So is it possible to get a warning one hour before the session gets terminated with possibility to "reauthenticate" without terminating the session.

 

Anyone knows if this is possible? I know it works on Checkpoint :)

 

Thanks..

 

Labels:
0 Helpful
8 Replies 8

Mohammed al Baqari
Level 11
Level 11

‎06-26-2019 11:17 AM

Yes you can do it. Here is the configuration

group-policy test-group attributes
vpn-session-timeout 480
vpn-session-timeout alert-interval 10

This will timeout the session after 8 hours and the user will get alert 10
mins before termination. Max is 30 mins , i.e. the user gets notification
30 mins before timeout.

**** Remember to rate useful posts.
0 Helpful

ehermansen
Level 1
Level 1
In response to Mohammed al Baqari

‎06-26-2019 11:22 AM

Thanks. But he will just get a warning and can not reauthenticate? He will still be kicked out..? 

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to ehermansen

‎06-26-2019 05:44 PM

Yes will be kicked out. Idle timeout doesn't have alerting. Only session
timeout has
0 Helpful

Tom Brosnan
Level 1
Level 1
In response to Mohammed al Baqari

‎02-18-2021 05:01 AM

Any help on seeing a popup message?

 

I never get a popup type message indicating my session is about to end in x minutes. Rather the AnyConnect VPN client 'green check mark symbol' changes to a 'yellow exclamation mark'. I'd prefer a popup message stating my connection is about to end in x minutes.

 

AnyConnect version testing with - 4.8.03052 and 4.9.03049

ASA OS - 9.12(3)12

ASDM ver - 7.13(1)

 

Current config under group-policy I am assigned -

group-policy xxxx attributes
vpn-session-timeout 15
vpn-session-timeout alert-interval 10

 

0 Helpful

Salman Mahajan
Cisco Employee
Cisco Employee
In response to Tom Brosnan

‎04-07-2023 11:35 AM - edited ‎04-07-2023 11:37 AM

We have an Enhancement raised for this requirement and it seems to be fixed in Cisco Secure Client 5.0.x as per my testing. Expecting this Enhancement will soon be updated with fixed release ( as an official announcement )  

ENH :- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe83079

0 Helpful

Salman Mahajan
Cisco Employee
Cisco Employee
In response to Salman Mahajan

‎04-07-2023 11:36 AM - edited ‎04-07-2023 09:45 PM

 

 

0 Helpful

JG1978
Level 1
Level 1

‎06-26-2019 11:20 AM - edited ‎06-26-2019 11:22 AM

This won't give a warning but is another work around.

 

The session timeout can be applied per Group Policy so a separate policy would allow different timeout values.

 

If you set the default group policy to "unlimited" and then create a new group policy for the client that wishes to disconnect after 8 hours, uncheck "inherit" under session timeout and pick the value you want.

 

Hope that helps!

0 Helpful

aninayak
Cisco Employee
Cisco Employee

‎06-26-2019 10:32 PM

Below should help achieve this requirement

 

group-policy test-group attributes
vpn-session-timeout <lifetime>
vpn-session-timeout alert-interval <timeout-value> <--- You can specify a range of 1-30 minutes.

 

For details refer below link 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-groups.html

0 Helpful
Customers Also Viewed These Support Documents