05-01-2020 08:11 AM
Hi All
General question, are there any security implications/concerns if we were to configure our AnyConnect VPN "idle-timeout" setting to unlimited?
Currently it is the default (30 mins), meaning when a laptop user closes their lid and puts the laptop to sleep, if they return to it 45 mins later they get a Cisco AnyConnect popup warning advising the VPN has been disconnected due to the idle timeout being exceeded. If we were to set the idle timeout to none or simply 100 days for example, would this raise security issues?
Our laptops are Windows 10 and will be protected using multi factor authentication. There would also be minimal company data on the laptop itself.
05-01-2020 09:15 AM - edited 05-01-2020 09:16 AM
This depends on what your company policy is, to be honest. Having multi authentication is good. At the same time, having an idle timeout in place is also good in regards to security best practice.
05-04-2020 12:42 AM
Thanks Sheraz,
We don't have a specific security policy related to this issue, so it's new to us. Hence why I was just trying to understand what (if any) security implications this would introduce.
My opinion on this is that if an idle VPN session can be penetrated/hacked then the VPN isn't secure, full stop. The whole point of the VPN is that only the device that initiated the connection can re-connect to that idle session. However, I am a Windows system admin; I have very little knowledge of Cisco and its networking components.
05-04-2020 03:16 AM
You raise a very valid point, but I guess in your case vpn-idle-timeout is better to be in place.
vpn-idle-timeout 30 = the amount of time the VPN connection is idle, i.e. no activity seen on the tunnel, before it is disconnected.
vpn-session-timeout 900 = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.
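The two settings described above, checked across a whole configuration. This is an added example, not part of the thread and not Cisco tooling: a small Python audit that reads ASA group-policy blocks and flags idle or session timeouts set to `none` or above a ceiling. The sample config, the policy names and the 60/1440-minute ceilings are constructed assumptions.

```python
import re

# Constructed sample config; policy names are hypothetical.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout 30
 vpn-session-timeout 900
group-policy LAPTOP-USERS attributes
 vpn-idle-timeout none
 vpn-tunnel-protocol ssl-client
group-policy CONTRACTORS attributes
 vpn-idle-timeout 144000
 vpn-session-timeout none
"""

# Assumed local policy ceilings in minutes (not Cisco defaults).
LIMITS = {"vpn-idle-timeout": 60, "vpn-session-timeout": 1440}


def parse_timeouts(config):
    """Return {policy: {setting: value}} for timeouts set explicitly in each block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), {})
        elif line.startswith(" ") and current is not None:
            m = re.match(r"\s+(vpn-(?:idle|session)-timeout) (none|\d+)\b", line)
            if m:
                current[m.group(1)] = m.group(2)
        else:
            current = None  # any unindented line ends the block
    return policies


def audit(config, limits=LIMITS):
    """Return (policy, setting, reason) for every unlimited or over-ceiling timeout."""
    findings = []
    for name, settings in parse_timeouts(config).items():
        for key, limit in limits.items():
            value = settings.get(key)
            if value is None:
                continue  # not set in this block; inherited from the default policy
            if value == "none":
                findings.append((name, key, "unlimited"))
            elif int(value) > limit:
                findings.append((name, key, f"{value} min exceeds {limit} min"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

The 144000-minute value in the sample is the "100 days" from the question, which the audit reports alongside `none` because both leave an unattended session up far past the ceiling.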