IP DHCP Lease on Cisco AnyConnect VPN user

fersherls · ‎05-25-2020

Hello Cisco Community

I got an Anyconnect VPN configured, users grab from a Pool of IPs to get theirs.

My question will be is there a way to modify the time they stick on their Lease IP? So even if they logout for lets say 5 minutes, when they log back again they got the same IP assigned?

Wonder if this command works for that purpose

vpn-idle-timeout 30

Final goal is for users to logout for 10 minutes and when they log back again they have the same IP.

Best Regards!

balaji.bandi · ‎05-25-2020

That option you need to Look at DHCP Server side, lease time settings

what DHCP Server you using ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

fersherls · ‎05-25-2020

There is no DHCP server that I know here, the "DHCP" itself is being done by the same FW under the group policy attributes with this

address-pool "value of the pool of IPs"

My thoughts is that the lease depends on if the VPN Session is active or not, might be wrong.

Best regards!

balaji.bandi · ‎05-26-2020

if DHCP is offering by ASA

you have command as below :

dhcpd lease (300-XXXXXXX) by default it is 3600 seconds.

But again different factor we need to consider, roaming, reconnect - how your profile configured.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

fersherls · ‎05-27-2020

Maybe I did wrong in mentioning DHCP at the title

There is no DHCP line in the ASA, with the following command

ip address pool under group policy attributes the anyconnect users are assigned with an IP.

To help out I got 3 FWs, 2 of them of the VPN Users disconnect and connect back again they got a different IP, The other Firewall they could stay logout for about 20 minutes and when they log back again they got the same IP Assigned.

My guess is that this also depends if the session is terminated or not.

Best Regards!