Solved: ASA VPN AnyConnect force logout after X hours ?

bdemontier · ‎02-18-2015

Hi folks,

Is there any way to auto force a disconnect of AnyConnect VPN clients after a certain amount of time ( for example, 24 hours )? I know I can manually accomplish this via CLI or ASDM, and we have a default inactivity timeout of 30 minutes. What management does not want is for a user to connect and remain connected for weeks at a time ( we currently have one user logged in for 9+ days ).

Many thanks in advance!

BuddyD

Dinesh Moudgil · ‎02-18-2015

Hi,

You can use vpn-session-timeout to limit the connection of the client.
Here is reference link for you :-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/command/ref/refgd/uz.html#wp1563857

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

Dinesh Moudgil · ‎02-18-2015

Hi,

You can use vpn-session-timeout to limit the connection of the client.
Here is reference link for you :-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/command/ref/refgd/uz.html#wp1563857

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

bdemontier · ‎02-18-2015

Thank you, Dinesh!

Dinesh Moudgil · ‎02-18-2015

Additionally , you can use vpn-access-hours to configure the time range from specific time of day to allow the VPN connection to the client.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/uz.html#wp1629931

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/