Solved: ASA not releasing vpn connection fast enough.

KGrev · ‎06-23-2022

Hi,

I have some devices that occasionally get rebooted while there is an active vpn session. They use local user names and passwords with a static ip assigned.

The problem is when they reboot it is very quick and the vpn has not ended the previous session yet. It ends up giving it an ip from a stanby ip space but this is undesirable.

How would i go about decreasing the time the connection is retained to back it drop sooner?

Thank you

MHM Cisco World · ‎06-23-2022

I think the idle timeout is config under the group-policy, so if the VPN tunnel-group use specific group-policy then under it change the idle timeout.
and for other tunnel-group keep it as default.

View solution in original post

MHM Cisco World · ‎06-23-2022

I don't full understand your Q
but there is two timeout
one is idle other is session timeout,
you can increase idle timeout this make all VPN detail save in ASA in case the use reconnect again within this time.

KGrev · ‎06-23-2022

MHM,

Thank you for your response.

Correct, i want the "idle" or "wait for me to come back into communication" timer to be lower so the ASA will drop the session and not hold onto that IP.

Is there a way I can do this for one VPN profile and not all of them?

MHM Cisco World · ‎06-23-2022

I think the idle timeout is config under the group-policy, so if the VPN tunnel-group use specific group-policy then under it change the idle timeout.
and for other tunnel-group keep it as default.