05-25-2020 11:02 AM
Hello Cisco Community
I got an Anyconnect VPN configured, users grab from a Pool of IPs to get theirs.
My question will be is there a way to modify the time they stick on their Lease IP? So even if they logout for lets say 5 minutes, when they log back again they got the same IP assigned?
Wonder if this command works for that purpose
vpn-idle-timeout 30
Final goal is for users to logout for 10 minutes and when they log back again they have the same IP.
Best Regards!
05-25-2020 12:58 PM
That option you need to Look at DHCP Server side, lease time settings
what DHCP Server you using ?
05-25-2020 01:41 PM
There is no DHCP server that I know here, the "DHCP" itself is being done by the same FW under the group policy attributes with this
address-pool "value of the pool of IPs"
My thoughts is that the lease depends on if the VPN Session is active or not, might be wrong.
Best regards!
05-26-2020 11:16 AM
if DHCP is offering by ASA
you have command as below :
dhcpd lease (300-XXXXXXX) by default it is 3600 seconds.
But again different factor we need to consider, roaming, reconnect - how your profile configured.
05-27-2020 08:32 AM
Maybe I did wrong in mentioning DHCP at the title
There is no DHCP line in the ASA, with the following command
ip address pool under group policy attributes the anyconnect users are assigned with an IP.
To help out I got 3 FWs, 2 of them of the VPN Users disconnect and connect back again they got a different IP, The other Firewall they could stay logout for about 20 minutes and when they log back again they got the same IP Assigned.
My guess is that this also depends if the session is terminated or not.
Best Regards!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide