Solved: How to limit client VPN connection time in Router2821

Lasandro Lopez · ‎03-12-2013

I've setup a cisco router 2821 with VPN (client) and it is working fine.

All the configuration i've done via CLI

BUt i want that a user vpn client to have:

Maximum connection time 30 min

Maximum idle time 15 min

Where i've to put this commands?

Regards!

Javier Portuguez · ‎03-12-2013

Hi Lasandro,

Looks like max connect timer is not yet available, but idle timeout is.

You can configure it in the dynamic map by using the "set security-association idle-timeout" command.

Or apply it globally with idle-time of 60secs just to check:

"crypto ipsec security-association idle-time 60"

HTH.

Portu.

Please rate any helpful posts.

Javier Portuguez · ‎03-12-2013

Hi Lasandro,

Looks like max connect timer is not yet available, but idle timeout is.

You can configure it in the dynamic map by using the "set security-association idle-timeout" command.

Or apply it globally with idle-time of 60secs just to check:

"crypto ipsec security-association idle-time 60"

HTH.

Portu.

Please rate any helpful posts.

Lasandro Lopez · ‎03-16-2013

Thank you Javier!
Your answer is what i was looking for.
Regards!

Javier Portuguez · ‎03-16-2013

Hi Lasandro,

Great news to hear

Have a nice weekend!

Javier Portuguez · ‎03-12-2013

A trick that may help you out for the session time-out timer, is the following:

1- Disable the "save password" option in the PCF file (which is on the client's machine) and ISAKMP client group on the IOS.

2- Set the Phase I lifetime to something less than 8 hours, so then, the clients will be forced to reconnect when the Phase I rekey occurs.

HTH.

Portu.

Please rate any helpful posts.