cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1171
Views
0
Helpful
3
Replies

VPN concentrator 3020 - wait for user logout before poweroff

Bela Mareczky
Level 1
Level 1

Dear Forum Community!

We have a Cisco 3020 concentrator VPN load-balancing cluster configured, the device at primary site operating with master priority. We would like to shut down the master device because of a short maintenance.

I wonder if there is an option in VPN concentrator GUI, which waits for all active sessions to voluntary terminate before shutdown/reboot. Does anybody have any experience about this feature?

There are always ~80-100 remote access VPN user online, and don't want to break these user's connections with a simple poweroff.

Thanks and BR

Belabacsi

Budapest, Hungary

1 Accepted Solution

Accepted Solutions

I just wanted to clarify two things.

I always save my configuration file ahead of rebooting.  That is why I reboot without saving. I think my wording may have been misleading. 

If you require your clients to re-authenticate the VPN session after a specified period of time, for example 10 hours, the VPN session will be moved to another cluster member when the session is re-authenticated.  Each client won't have to re-establish the VPN session on another concentrator in the cluster.   If you are not using this feature you'll have to wait until each of them terminates his VPN session.

View solution in original post

3 Replies 3

slmansfield
Level 4
Level 4

Yes, I have a lot of experience with that feature, it is wonderful.  The setting to change is:

Administration -> System Reboot

Click the radio button for:  Shutdown without automatic reboot

Click the radio button for whatever is appropriate for saving your configuration file.  I always make sure my configuration file is saved, so I usually chose: Reboot without saving active configuration file

Last, and most important, click the radio button for Wait for sessions to terminate (don't allow new sessions)

If the device is the cluster master, one of the other cluster members will immediately take over as the master.

I have never had a problem with this disrupting service.  It is a great feature for managing changes without disrupting anyone.

HTH

I just wanted to clarify two things.

I always save my configuration file ahead of rebooting.  That is why I reboot without saving. I think my wording may have been misleading. 

If you require your clients to re-authenticate the VPN session after a specified period of time, for example 10 hours, the VPN session will be moved to another cluster member when the session is re-authenticated.  Each client won't have to re-establish the VPN session on another concentrator in the cluster.   If you are not using this feature you'll have to wait until each of them terminates his VPN session.

Dear slmansfield!

Thanks for Your answer! Great feature, working perfectly! :-)

Regards,

Belabacsi