Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
310
Views
0
Helpful
1
Replies

ISE session limit vs Group Policy session limit who wins?

cgarringer
Level 1
Level 1

‎11-18-2022 08:21 AM

We have ISE authentication on VPN, when successful ISE returns the session timout, idle timeout and the Group Policy .    The Group Policy configured on the FMC also sets the session and idle timeouts.     We appear to be getting  mixed results, some users are getting ISE limits and some are getting the Group Policy limits.   Which is supposed to have priority?

Labels:
0 Helpful
1 Reply 1

Milos_Jovanovic
VIP Alumni
VIP Alumni

‎11-20-2022 11:30 AM

Hi @cgarringer,

There is a priority for standard attributes which can be defined in multiple points (e.g. IP pool can be defined under tunnel-group, but also under group-policy). You can find more details here. Depending on how you configured these attributes, they will either take presedence from AAA server or from local ASA configuration.

Kind regards,

Milos

0 Helpful
Customers Also Viewed These Support Documents