11-24-2010 06:33 PM - edited 02-21-2020 04:59 PM
Dear NetPro gurus,
On the Cisco ASA firewall, is there any way I can set a particular VPN session for AnyConnect SSLVPN users to 'infinite' so that it will 'never time out'??
Cheers,
Hunt
11-24-2010 06:41 PM
You can change the group policy settings for "vpn-idle-timeout" to be the max:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630720
If you set it to "none" unfortunately it will use the default idle timeout settings, unless you change that too.
The max you can set is 35791394 minutes == 596523 hours == 24855 days == 68 years. I am sure your user will not be idle for 68 years.
Hope that helps.
11-24-2010 06:51 PM
Hi Jennifer,
Thanks for your quick reply.
In that case, what's the difference between vpn-idle-timeout vs. vpn-session-timeout??
Should I change both settings to 35791394??
Cheers,
Hunt
11-24-2010 06:56 PM
vpn-idle-timeout: timeout when the user is actually idle (not passing any traffic to and from the vpn).
vpn-session-timeout: this is an absolute timeout for the vpn session from the time the user connects.
vpn-session-timeout should be set to "none":
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1631430
so:
vpn-idle-timeout 35791394
vpn-session-timeout none
Hope that helps.
11-24-2010 08:10 PM
Please kindly mark the post as answered if you have no further question. Thanks.