Your question is related to what are the best values for those attributes
or where to configure it?
There is no 3best2 value, it really depends on how your users work and
what is your internal security policy; most common implementations don9t
use session-timeout, because maybe users really work long hours remotely,
but use idle-timeout to a value between 30-90 minutes.
Where to configure the values, you have three options: at the group-policy
level, at the user-level, or in the RADIUS server (if you use RADIUS for
AAA on VPN). Which is better
..it really depends on your VPN setup; but
most commonly you configure it on RADIUS or group-level, and if you need
exceptions for some users, than do it at the user-level or RADIUS level.
Regards.
Cristian.
On 03/03/14 06:29, "Cisco Fanatic" <ebay_products_at_hotmail.com> wrote:
>What's the best practice to set idle-timeout and session-timeout on ASA
>for
>IPSec VPN clients and AnyConnect VPN clients?
>yuri
>
>
>Blogs and organic groups at http://www.ccie.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Mar 03 2014 - 02:31:28 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 03 2014 - 17:12:31 ART