VPN Commands

RS_MCPRS_MCP Member Posts: 352
in CCNP Security
Hi All,

Could someone please explain what the following commands mean?

vpn-idle-timeout 30
vpn-session-timeout 720

Thank you. :)
· Share on FacebookShare on Twitter

Comments

  • QHaloQHalo Member Posts: 1,488
    RS_MCP wrote: »
    Hi All,

    Does anyone know how I can change the following command settings in ASDM?

    vpn-idle-timeout 30
    vpn-session-timeout 720

    Thanks :)

    I did a search for the first command in this document and it gives some info. Its an older version but maybe it's in the same place. Either way it should help you at least get started. HTH
    Selected ASDM VPN Configuration Procedures for the Cisco ASA 5500 Series, Version 5.2 - Configuring Group Policies [Cisco Adaptive Security Device Manager] - Cisco Systems
    http://vwilmo.wordpress.com

    · Share on FacebookShare on Twitter
  • kalebkspkalebksp Member Posts: 1,033 ■■■■■□□□□□
    vpn-idle-timeout - Time in minutes that a VPN connection can be idle (no traffic) before it is terminated.
    vpn-session-timeout - Maximum time in minutes that a VPN connection can be established before it is terminated, doesn't matter if there is traffic or not.
    · Share on FacebookShare on Twitter
  • RS_MCPRS_MCP Member Posts: 352
    Thank You!
    · Share on FacebookShare on Twitter
  • shednikshednik Member Posts: 2,005
    RS_MCP wrote: »
    vpn-idle-timeout 30
    vpn-session-timeout 720

    Configuration - Network Client Access - Group Policy - Open More Options
    3rd to last is the vpn session timeout
    2nd to last is the idle time out

    This should be the same for 6.x+

    Joe
    · Share on FacebookShare on Twitter
  • ConstantlyLearningConstantlyLearning Member Posts: 445
    shednik wrote: »
    configuration - remote access vpn - network client access - group policy - open more options

    :)


    .....
    "There are 3 types of people in this world, those who can count and those who can't"
    · Share on FacebookShare on Twitter
  • RS_MCPRS_MCP Member Posts: 352
    shednik wrote: »
    Configuration - Network Client Access - Group Policy - Open More Options
    3rd to last is the vpn session timeout
    2nd to last is the idle time out

    This should be the same for 6.x+

    Joe

    As the Tunnels are IPSec Site-to-Site, I cant seem to find this option in "Site-to-Site VPN" however I can see it in Remote Access. Any ideas?
    · Share on FacebookShare on Twitter
  • shednikshednik Member Posts: 2,005
    RS_MCP wrote: »
    As the Tunnels are IPSec Site-to-Site, I cant seem to find this option in "Site-to-Site VPN" however I can see it in Remote Access. Any ideas?


    You would only set the lifetimes of isakmp and ipsec, there is no idle timeout for a site to site, it only gets built when it receives interesting traffic.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.