04-05-2010 01:01 PM
I have the need for disconnect VPN users at certain time. Is there any way to automate this task, like a script maybe. Cisco ASA platform.
04-05-2010 03:42 PM
Hi,
On the Group-Policy that you're using for the VPN clients, you have the following options:
vpn-access-hours
To enter name of a configured time-range policy to allow connections only on a specific time range
vpn-idle-timeout
Enter idle timeout period in minutes to disable the VPN tunnel after a configurable idle period
For the first option you must configure a time range policy and then apply it to the group-policy (linked to the tunnel-group of the VPN clients)
Federico.
04-06-2010 05:24 AM
Hi,
But in this case if the:
vpn-access-hours: from 09:00-18:00
vpn-idle-timeout: 30 mins
and the user connect at 17:59, he will be connect until 18:29.
and the normal VPN connections during business hours will also be disconnected every 30 minutes.
Is that correct ?
Regards and thanks for the reply.
04-06-2010 05:32 AM
"vpn-idle-timeout: 30 mins" --> only when the vpn user is idle for 30 mins, it will get disconnected. If users are actively sending traffic through the tunnel, the vpn tunnel will never get disconnected, until they are idle for 30 mins.
If you would like absolute session timeout --> "vpn-session-timeout 30" --> vpn user will be connected only for 30 minutes.
And yes, this goes for any time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide