I'm not sure about best practices as I would feel this is dependent upon your business needs.
For our business, we time out the idle connection after 60 minutes and only allow one concurrent connection. This may seem aggressive for some environments, especially without a 24/7 help desk. Idle connections with a low concurrent can get you in trouble since some sessions don't disconnect correctly/fully. You can increase this to 2 concurrent and a 2 or 4 hour idle in my "working" opinion. Note that my "working" opinion is not the same as my "lab" opinion. ;)
Regards,
Jay McMickle- 2x CCIE #35355 (R/S,Sec)
> On Mar 2, 2014, at 10:29 PM, Cisco Fanatic <ebay_products_at_hotmail.com> wrote:
>
> What's the best practice to set idle-timeout and session-timeout on ASA for
> IPSec VPN clients and AnyConnect VPN clients?
> yuri
>
>
> Blogs and organic groups at http://www.ccie.net
Received on Mon Mar 03 2014 - 06:51:09 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 03 2014 - 17:12:31 ART