cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
286
Views
5
Helpful
3
Replies

ASA not releasing vpn connection fast enough.

KGrev
Participant
Participant

Hi,

 

I have some devices that occasionally get rebooted while there is an active vpn session. They use local user names and passwords with a static ip assigned.

The problem is when they reboot it is very quick and the vpn has not ended the previous session yet. It ends up giving it an ip from a stanby ip space but this is undesirable.

How would i go about decreasing the time the connection is retained to back it drop sooner?

 

Thank you

1 Accepted Solution

Accepted Solutions

I think the idle timeout is config under the group-policy, so if the VPN tunnel-group use specific group-policy then under it change the idle timeout. 
and for other tunnel-group keep it as default.

View solution in original post

3 Replies 3

MHM Cisco World
VIP Mentor VIP Mentor
VIP Mentor

I don't full understand your Q 
but there is two timeout 
one is idle other is session timeout, 
you can increase idle timeout this make all VPN detail save in ASA in case the use reconnect again within this time.

MHM,

 

Thank you for your response.

Correct, i want the "idle" or "wait for me to come back into communication" timer to be lower so the ASA will drop the session and not hold onto that IP.

Is there a way I can do this for one VPN profile and not all of them?

I think the idle timeout is config under the group-policy, so if the VPN tunnel-group use specific group-policy then under it change the idle timeout. 
and for other tunnel-group keep it as default.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers