ddsteam
asked on
Cisco AnyConnect Client Re-authentication. Possible?
Hi there.
Does anybody know if it's possible to force a user to re-authenticate say, every 30 minutes or so when connected via AnyConnect?
Alternatively, if it's not at all possible, would I be able to set up some sort of prompt, informing a user that his/her session is about to expire?
I've seen the "svc rekey" option but as far as I can tell, this is transparent to the end-user and doesn't actually require that they resend their authentication details. Is this correct?
Does anybody know if it's possible to force a user to re-authenticate say, every 30 minutes or so when connected via AnyConnect?
Alternatively, if it's not at all possible, would I be able to set up some sort of prompt, informing a user that his/her session is about to expire?
I've seen the "svc rekey" option but as far as I can tell, this is transparent to the end-user and doesn't actually require that they resend their authentication details. Is this correct?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'm curious about the logic behind this requirement. I can understand re-NACing a host to ensure the user didn't do something like turn off AV, but I'm struggling to understand why you would have them re-authenticate to the VPN even if there's active traffic. You can time-out the VPN for lack of use -- is that the concern?
ASKER
Thanks jmeggers.
Points assigned accordingly.
And to answer your question, the client wants to be sure that if a user authenticates to the VPN and is then hit over the head by an overeager but otherwise useless hacker, they won't have too much time to do any work before having to re-authenticate. :P
Points assigned accordingly.
And to answer your question, the client wants to be sure that if a user authenticates to the VPN and is then hit over the head by an overeager but otherwise useless hacker, they won't have too much time to do any work before having to re-authenticate. :P
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
ASKER
Honestly, even a response to the negative is helpful at this point. I just need to know if it's possible or not so I can give a final verdict to my superiors.