

Cisco AnyConnect Client Re-authentication. Possible?

Posted on 2011-04-21
Last Modified: 2012-08-13
Hi there.

Does anybody know if it's possible to force a user to re-authenticate say, every 30 minutes or so when connected via AnyConnect?
Alternatively, if it's not at all possible, would I be able to set up some sort of prompt, informing a user that his/her session is about to expire?

I've seen the "svc rekey" option but as far as I can tell, this is transparent to the end-user and doesn't actually require that they resend their authentication details. Is this correct?
Question by: ddsteam

Accepted Solution

jmeggers earned 2000 total points
ID: 35441928
I don't think the ASA has this capability natively.  The only way I've seen something similar done was some kind of external NAC product that would require re-authentication.  Not much help, I know....

Author Comment

ID: 35442120
Thanks j.

Honestly, even a response to the negative is helpful at this point. I just need to know if it's possible or not so I can give a final verdict to my superiors.

Expert Comment

ID: 35448335
I'm curious about the logic behind this requirement.  I can understand re-NACing a host to ensure the user didn't do something like turn off AV, but I'm struggling to understand why you would have them re-authenticate to the VPN even if there's active traffic.  You can time-out the VPN for lack of use -- is that the concern?

Author Comment

ID: 35762405
Thanks jmeggers.
Points assigned accordingly.

And to answer your question, the client wants to be sure that if a user authenticates to the VPN and is then hit over the head by an overeager but otherwise useless hacker, they won't have too much time to do any work before having to re-authenticate. :P

Expert Comment

ID: 35791884
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
