Cisco ASA 5505 - VPN Idle Timeout not working

Posted on 2011-05-11
Last Modified: 2012-05-11
Hi Experts,

I have a Cisco ASA 5505 setup. My config contains the idle timeout of 30 minutes; however, it's not enforcing. Clients can stay connected for days.

Here is the current config for those settings:

group-policy SSLClientPolicy attributes
vpn-idle-timeout 30

Any help is appreciated. Thanks!
Question by: RLComputing

    Accepted Solution

    How are you measuring whether or not the clients are actually idle? What are your expectations here?

    Even a few packets will keep the session open...

    Assisted Solution

    The default is 30 minutes. If there is no communication activity on the connection in this period, the security appliance terminates the connection. Your command of vpn-idle-timeout 30 is really not even needed since this is the default. However, if any packets traverse the tunnel, the session will stay up. This could be remote desktop, email, or VoIP registrations, to name a few.

    Author Comment

    I think the issue may be as MikeKane suggested. The end users have programs running that are keeping the session alive. To resolve the issue we have implemented a 5-hour max login time to make sure there are free VPN licenses.
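
On the question above of how idleness is measured: the following is an added example, not part of the original thread, that parses constructed output shaped like `show vpn-sessiondb anyconnect` and classifies each session against the 30-minute idle timeout and the 5-hour cap mentioned in the thread. The field layout, the sample users and values, and all function names are assumptions.

```python
import re

# Constructed sample shaped like `show vpn-sessiondb anyconnect` output
# (field layout is an assumption; user names and values are made up).
SAMPLE = """\
Username     : alice                  Index        : 41
Group Policy : SSLClientPolicy        Tunnel Group : SSLClientProfile
Duration     : 2d 3h:14m:22s
Inactivity   : 0h:00m:00s

Username     : bob                    Index        : 57
Group Policy : SSLClientPolicy        Tunnel Group : SSLClientProfile
Duration     : 0h:42m:10s
Inactivity   : 0h:12m:05s

Username     : carol                  Index        : 63
Group Policy : SSLClientPolicy        Tunnel Group : SSLClientProfile
Duration     : 0h:20m:00s
Inactivity   : 0h:19m:30s
"""

FIELD = re.compile(r"^(Username|Duration|Inactivity)\s*:\s*(.*?)(?:\s{2,}|$)", re.M)
SPAN = re.compile(r"(?:(\d+)d\s+)?(\d+)h:(\d+)m:(\d+)s")

def to_seconds(text):
    """Convert '2d 3h:14m:22s' or '0h:12m:05s' to seconds."""
    d, h, m, s = (int(x or 0) for x in SPAN.fullmatch(text.strip()).groups())
    return ((d * 24 + h) * 60 + m) * 60 + s

def parse_sessions(output):
    """Yield one dict per session record (records are separated by blank lines)."""
    for record in re.split(r"\n\s*\n", output.strip()):
        f = dict(FIELD.findall(record))
        if {"Username", "Duration", "Inactivity"} <= f.keys():
            yield {"user": f["Username"], "duration": to_seconds(f["Duration"]),
                   "inactivity": to_seconds(f["Inactivity"])}

def classify(output, idle_timeout_min=30, max_session_min=300):
    """Map each user to how the two timers apply to the session."""
    verdicts = {}
    for s in parse_sessions(output):
        if s["duration"] > max_session_min * 60:
            verdicts[s["user"]] = "exceeds session cap"
        elif s["duration"] > idle_timeout_min * 60:
            # Older than the idle window yet still connected: traffic reset the idle timer.
            verdicts[s["user"]] = "kept alive by traffic"
        else:
            verdicts[s["user"]] = "within idle window"
    return verdicts
```
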

