Cisco VPN Client Timeout

L1 Bithead

Cisco VPN Client Timeout

Hello,

we are using Cisco VPN Clients to connect to our Palo Alto Network Device, it works like a charm, but the user are logged out after one hour.

The timeout for  Login Lifetime is set to 30 day, and the Idle Timeout is set to 8 hours.

Any suggestion?

Jörg

L1 Bithead

Re: Cisco VPN Client Timeout

Do you mean that you connect thru the Palo Alto device. If so I have noticed that if DHCP lease provided by the PA expires, Cisco VPN disconnects.

Highlighted
L1 Bithead

Re: Cisco VPN Client Timeout

Hi,

I am also having this issue on 4.1.3 on a PA500. There are no DHCP lease timers on the Gateway DHCP pool. My timeout configuration is also set to 3 days for login lifetime and login inactivity.

Not applicable

Re: Cisco VPN Client Timeout

Hello,

Did you ever manage to resolve the issue of disconnecting after an hour?

Many Thanks

NGS
L3 Networker

Re: Cisco VPN Client Timeout

Hi, have you resolved this issue?

I found this behavior with 4.1.6 with almost all the devices (200-500 2000 series etc). Every 45 min I receive a disconnect from the gateway with or without traffic passing thru the vpn tunnel. Cisco Vpn is quite old and not longer supported right now (Anyconnect is the actual main client for Cisco) but is slightly better than GlobalProtect Client and connects like a flash, also is native in Ipad/Iphone and I don't want the 45m/1h limitation.

I also tried to expand session + tcp/dns timeout of ciscovpn application (how the ipsec remote access via cisco vpn is detected) without any luck.

Thanks

L4 Transporter

Re: Cisco VPN Client Timeout

Hello,

Same problem on a PA 500 running 4.1.7. After one hour, disconnect...

Regards,

HA

Not applicable

Re: Cisco VPN Client Timeout

Same problem here on a PA-200 with the Cisco client. Disconnects seconds before 1:00hr, consistently.

The GlobalProtect client is trash so we are using Cisco clients.

NGS
L3 Networker

Re: Cisco VPN Client Timeout

PANOS version 5.0 solves this problem, I've tried in lab just yesterday. in the next d days I'll try even version 4.1.9

Globalptotect is not so trashy :-) give it a chance

L1 Bithead

Re: Cisco VPN Client Timeout

Any chance the fix made it into 4.8h3 or 4.9?  I don't have a lab, and won't be able to go to 5.0 until at least 5.1 (rules), so I can't really test.

Thanks!

NGS
L3 Networker

Re: Cisco VPN Client Timeout

4.1.8hf3 or 4.1.9 are useless for this problem, both tried in the last few days, always 60 min before automagic logoff,  I hope in later versions.

5.0 is not so stable, I saw strange behavior in my 2050s so until 5.0.3 i don't think planning upgrading too.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!