Cisco ASA 5505 - VPN Idle Timeout not working

Posted on 2011-05-11
Medium Priority
Last Modified: 2012-05-11
Hi Experts,

I have a cisco asa 5505 setup. My config contains the idle timeout of 30 minutes however, it's not enforcing. Clients can stay connected for days.

Here is the current config for those settings:

group-policy SSLClientPolicy attributes
vpn-idle-timeout 30

Any help is appreciated. Thanks!
Question by:RLComputing
LVL 33

Accepted Solution

MikeKane earned 1000 total points
ID: 35741204
How are you measuring whether or not the clients are actually idle?    What are your expectations here?  

Even a few packets will keep the session open....  

Assisted Solution

jrichesin earned 1000 total points
ID: 35749765
The default is 30 minutes. If there is no communication activity on the connection in this period, the security appliance terminates the connection.  Your command of vpn-idle-timeout 30 is really not even needed since this is the default.  However, if any packets traverse the tunnel, the session will stay up.  This could be remote desktop, email, voip registrations to name a few.

Author Comment

ID: 35769071
I think the issue may be as MikeKane suggested. The end users have programs running that are keeping the session alive. To resolve issue with have implemented a 5 hour max login time to make sure they are free vpn licenses.


Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question