CISCO VPN Timeout Issue

By | August 3, 2014

How to disable the VPN timeout setting on CISCO devices

Stop site-to-site CISCO VPN Drops

By default, CISCO site-to-site VPNs timeout after 30 minutes of idle time.  Have you ever had to had to work on a client issue at their site and then try the remote desktop connection, and presto no VPN connection.  The status of the VPN show online on your VPN/firewall but still no access.  After a couple weeks of searching I found this solution.

Here’s the solution, straight from Cisco:

PIX/ASA 7.x and later

Enter the vpn-idle-timeout command in group-policy configuration mode or in username configuration mode in order to configure the user timeout period:

hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-idle-timeout none

Configure a maximum amount of time for VPN connections with the vpn-session-timeout command in group-policy configuration mode or in username configuration mode:

hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-session-timeout none

Cisco IOS Router

Use the crypto ipsec security-association idle-time command in global configuration mode or crypto map configuration mode in order to configure the IPsec SA idle timer. By default IPsec SA idle timers are disabled.

crypto ipsec security-association idle-time seconds

Time is in seconds, which the idle timer allows an inactive peer to maintain an SA. Valid values for the seconds argument range from 60 to 86400.

 

Thanks for reading.  Feel free to leave comments.