- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2011 04:45 PM
Hello,
My searches are comming up blank for some reason, its just me. Just need to know where I can set a Max connect time so users dont camp on the ASA when they are not using it.
Thanks in advance!
Solved! Go to Solution.
- Labels:
-
VPN
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2011 06:58 AM
In the same link provided before - look under vpn-session-timeou configuration , this command enforces a maximun RA connection per tunnel or per username
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1631430
PLS rate helpful posts
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2011 09:16 PM
Hi,
if you meant users connected to ASA for administration of the firewall either by ssh/telnet/ or https you can set the timeout session for each of these connections to the asa to expired at a certain time in minutes , if this is not what you meant please let us know.
#telnet timeout < value in min> max is 1440 min
#ssh timeout
# http server session-timeou
See command references http://www.cisco.com/en/US/products/ps6120/prod_command_reference_list.html
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2011 09:20 PM
Sorry not what I meant. I was looking for Max Time out for VPN clients, i.e. after 24 hours they get disconnected regardless of activity and they are forced to reconnect.
Sorry for not clarifying earlier.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2011 09:23 PM
ok
You are looking at vpn-idle-timeout attribute settings under group-policy for yourRA vpn tunnel or per username , follow guidelines bellow.
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630720
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2011 09:25 PM
Thanks! I already have that set though. When they have Outlook open it will never be idle .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2011 09:26 PM
So then the connection is not idle, if you want to enforce a connection time then there is other settings you can use.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2011 09:49 PM
You wouldnt happen to know them would you?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2011 06:58 AM
In the same link provided before - look under vpn-session-timeou configuration , this command enforces a maximun RA connection per tunnel or per username
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1631430
PLS rate helpful posts
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2011 09:28 AM
Thanks!!
