Anyconnect VPN Idle Timeout Security Implications

YV65577
Level 1

Hi All

General question, are there any security implications/concerns if we were to configure our Anyconnect VPN "idle-timeout" setting to unlimited?

Currently it is the default (30 mins), meaning when a laptop user closes their lid and puts the laptop to sleep, if they return to it 45 mins later they get a Cisco AnyConnect popup warning advising the VPN has been disconnected due to the idle timeout being exceeded. If we were to set the idle timeout to none or simply 100 days for example, would this raise security issues?

Our laptops are Windows 10 and will be protected using multi-factor authentication. There would also be minimal company data on the laptop itself.

3 Replies

This depends on what your company policy is, to be honest. Having multi-factor authentication is good. At the same time, having an idle timeout in place is also good in regards to security best practice.

Please do not forget to rate.

Thanks Sheraz,

We don't have a specific security policy related to this issue so it's new to us. Hence why I was just trying to understand what (if any) security implications this would introduce.

My opinion on this is that if an idle VPN session can be penetrated/hacked then the VPN isn't secure full stop. The whole point of the VPN is that only the device that initiated the connection can re-connect to that idle session. However I am a Windows system admin, I have very little knowledge on Cisco and its networking components.

You raise a very valid point, but I guess in your case vpn-idle-timeout is better to be in place.

vpn-idle-timeout 30 = the amount of time the VPN connection is idle, i.e. no activity seen on the tunnel, before it is disconnected.

vpn-session-timeout 900 = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.

Please do not forget to rate.
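
An added example, not posted by anyone in this thread: a small audit that reads ASA `group-policy` blocks and flags policies where `vpn-idle-timeout` is `none` or above a chosen ceiling, the change the question asks about. The policy names, the 30-minute ceiling, and the reading of values as minutes are assumptions; 144000 is the question's "100 days" in minutes.

```python
import re

# Constructed sample in ASA group-policy syntax (not taken from the thread).
SAMPLE_CONFIG = """\
group-policy GP-STAFF attributes
 vpn-idle-timeout 30
 vpn-session-timeout 900
group-policy GP-LAPTOPS attributes
 vpn-idle-timeout none
 vpn-session-timeout none
group-policy GP-CONTRACTORS attributes
 vpn-idle-timeout 144000
"""

MAX_IDLE_MIN = 30  # assumed policy ceiling (values treated as minutes)
TIMEOUT_RE = re.compile(r"\s+(vpn-idle-timeout|vpn-session-timeout)\s+(\S+)")

def parse_group_policies(config):
    """Map each group-policy name to the timeout settings set directly on it."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy\s+(\S+)\s+attributes\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), {})
        elif not line.startswith(" "):
            current = None  # an unindented line ends the attributes block
        elif current is not None:
            m = TIMEOUT_RE.match(line)
            if m:
                value = m.group(2)
                current[m.group(1)] = int(value) if value.isdigit() else value
    return policies

def audit(config, max_idle=MAX_IDLE_MIN):
    """Return (policy, issue) pairs for idle timeouts that are off or too long."""
    findings = []
    for name, attrs in parse_group_policies(config).items():
        idle = attrs.get("vpn-idle-timeout", "inherited")
        session = attrs.get("vpn-session-timeout", "inherited")
        if idle == "none":
            findings.append((name, "idle timeout disabled"))
        elif isinstance(idle, int) and idle > max_idle:
            findings.append((name, f"idle timeout {idle} min exceeds {max_idle} min"))
        if idle == "none" and session == "none":
            findings.append((name, "no idle or session limit set"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```

Settings a policy does not set itself are treated as inherited and are not flagged, so the default group policy needs to be checked as well.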