Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3467
Views
0
Helpful
1
Replies

idle timeout for cisco anyconnect vpn client

Muhammad Rafi
Level 1
Level 1

‎02-03-2015 08:10 AM - edited ‎02-21-2020 08:03 PM

Hi All,

 

Can you please let me know how to set idle timeout for the cisco vpn client, I configured the idle timeout setting under the group policy for the ssl vpn but it is not making any difference, is there any bug in asa firmware ? but I am using the latest version 9.3(2) now but this change is not taking any effect.

 

Please let me know if you need more information, config etc ?

 

Thanks

 

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Sylwester Kolakowski
Level 1
Level 1

‎02-05-2019 06:48 AM - edited ‎02-05-2019 06:54 AM

Muhammad,

Unfortunately since operating systems are super chatty these days, the Idle Timeout settings will not be very effective.  I've literally had users connected for almost 2 months without being disconnected and I know that they're not working 24 hours straight for almost 60 days.  The solution is to set the Maximum Connect Time (using ASDM) or vpn-session-timeout (using CLI) to an appropriate time length.  For example, if your average user works 8-10 hours daily, then I would suggest you set your vpn-session-timeout (a.k.a. Maximum Connect Time) to 720 minutes (12 hours).  Keep in mind, any currently connected users will need to disconnect and reconnect to download the newly configured settings, or you can just force a logout and once they reconnect their setting will be updated.  I hope this finds you well.  Cheers!

0 Helpful
Customers Also Viewed These Support Documents