Solved

Cisco pix firewalls and Idle time out

Posted on 2004-09-01
7
201 Views
Last Modified: 2013-11-16
I have a Pix 515E firewall that I am using for VPN access to the network. I have the following line in my configuration for Timeout when the user is Idle:
vpngroup Group name idle-time 1800
 This line is present but when a user connects and is idle for the alotted time they are not disconnected. Is there another command that needs to be added to acomplish this ?

Also is there a way to send a disclaimer when a user logs into the firewall using a vpn client.

Thanks for your help

Bob W
0
Comment
Question by:BobWoodard01
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 11956886
how about

isakmp keepalive 30
0
 

Author Comment

by:BobWoodard01
ID: 11956984
I do not have that line in my configuration. Please tell me what that does.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11957053
sends a keep-alive pulse down the VPN tunnel every 30 seconds
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:BobWoodard01
ID: 11957144
That should keep the tunnel up, not disconnect it. Iwant the user to bedisconnected if they leave the computer for 30 minutes without doing anything.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11957309
=/ I am a clown! sorry man, a clear case of RTFQ my appols

Pete
0
 
LVL 1

Expert Comment

by:tevens
ID: 11973837
You have the right command.  The most likely cause is that the user isn't idle.  Windows is a very chatty.  Even when you aren't doing anything the Windows OS is.  I would recommand putting an ACL on the user to block the standard chattness of windows.

--Tim
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 11988072
>is there a way to send a disclaimer when a user logs into the firewall using a vpn client.

With the VPN 3000 concentrator, yes, but not with the PIX.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CPU at 100% usage, why? 27 128
CCNA lab 6 34
Cisco 5508 WLC software upgrade 2 28
Can you use inline network testing tools with Cisco port security? 2 6
Here are the five steps I suggest to every sysadmin to fix the fall-out from a security breach.
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now