ShawnGray
asked on
How do you disconnect a vpn user after a period of inactivity?
I'm new to Cisco routers and using the ASDM interface.
VPN users are connecting fine but I need to find a way to disconnect them automatically after a certain number of minutes.
I've adjusted
Group Policies > AnyConnectClientPolicy > Advanced > SSL VPN Client > Keepalive setting to 20 secs
But that didn't seem to trigger any event for a test user.
Thoughts on what I'm doing wrong?
VPN users are connecting fine but I need to find a way to disconnect them automatically after a certain number of minutes.
I've adjusted
Group Policies > AnyConnectClientPolicy > Advanced > SSL VPN Client > Keepalive setting to 20 secs
But that didn't seem to trigger any event for a test user.
Thoughts on what I'm doing wrong?
Justin Ellenbecker
The keep alive is how often a keep alive will be sent so it will never time out. You want to disable keep alives and then I think the Cisco default is to disconnect after 30 minutes of inactivity.
In ASDM you should be able to set the Maximum Connected time and Idle Timeout on the General Tab of the Group Policy you are working with. It may be set to inherit, from there you can specify them if you so choose.
ASKER
Some progress. The "max connected time" works but thats a little abrupt for users.
The "Idle Timeout" doesn't seem to do what I expect. I set it for 1 minute, made my connection and did nothing for 2½ minutes but it maintained the connection. Not certain how it defines "Idle".
The "Idle Timeout" doesn't seem to do what I expect. I set it for 1 minute, made my connection and did nothing for 2½ minutes but it maintained the connection. Not certain how it defines "Idle".
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Those are good points. Thank you for the quick thorough reply. Take care.