VPN Client Timeout

robdewhurst796

Can anyone tell me how to change the lease time to 1 week or to drop when not being used please?

I have an MX84 which is kicking my clients after 12 hours while they are running queries!

cmr
Kind of a big deal

I'm not sure it is a lease that is expiring; on our (non-Meraki) client VPN it re-keys every 8 hours, resulting in the user having to enter a new 2FA code. So I think you'd need to increase that interval.

How would I increase the interval on Windows, Mac and Linux VPN clients please?

PhilipDAth
Kind of a big deal

There is no VPN client idle time out "standard". You can't configure one via the Dashboard.

I think you can use RADIUS to pass back an idle timeout. I think I have done this once. If you are using RADIUS authentication, check your RADIUS server if you have this configured.

Note that some consumer CPE devices might time out UDP NAT translations after a fixed period of time. So the issue could be because of the home routers in use.

You could consider changing to the AnyConnect VPN client (which has fewer of these issues). Check you are using a compatible MX. Note that AnyConnect licences are something extra you have to buy, but they are not expensive.

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance 

I am not using RADIUS currently as we use Google suite for our permissions and authentication. I have Linux, Mac and Windows in my environment. They all use their OS standard VPN clients. Currently AnyConnect is not viable.

If there is any way of configuring the VPN clients or the MX84, it would be most appreciated.

In that case, there is nothing on the VPN client or the MX that has an idle timeout setting.

The most likely issue will be a CPE device in between the two. You could try updating the firmware on those devices.
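An added triage sketch, not part of the thread and not Meraki tooling: it takes the session lengths of unexpected drops and checks whether every site is cut off at the same duration (pointing at a timer on the VPN endpoint or client, such as a re-key interval) or only some sites are (pointing at the router/CPE there). The tuple layout, the "site" label, the tolerance and the sample sessions are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: (client, site, connected, dropped). Only sessions that
# ended in an unexpected drop belong here; "site" is a hypothetical label for
# the home router / network the client sits behind.
SESSIONS = [
    ("alice", "home-A", "2024-03-04 08:00:00", "2024-03-04 20:00:10"),
    ("alice", "home-A", "2024-03-05 08:05:00", "2024-03-05 20:04:55"),
    ("bob",   "home-B", "2024-03-04 09:00:00", "2024-03-04 21:00:05"),
    ("bob",   "home-B", "2024-03-05 09:30:00", "2024-03-05 21:30:02"),
    ("carol", "home-C", "2024-03-04 07:00:00", "2024-03-04 19:00:20"),
    ("carol", "home-C", "2024-03-05 07:10:00", "2024-03-05 19:09:50"),
]

def durations_by_site(sessions):
    """Group session lengths (seconds) by the site the client connected from."""
    out = defaultdict(list)
    for _client, site, start, end in sessions:
        delta = datetime.strptime(end, FMT) - datetime.strptime(start, FMT)
        out[site].append(delta.total_seconds())
    return dict(out)

def fixed_lifetime(durations, tolerance_s=120):
    """Median duration if every drop is within tolerance of it, else None."""
    if len(durations) < 2:
        return None  # one data point cannot show a repeating cutoff
    mid = median(durations)
    return mid if all(abs(d - mid) <= tolerance_s for d in durations) else None

def triage(sessions, tolerance_s=120):
    """Return ({site: cutoff_seconds or None}, verdict)."""
    per_site = {s: fixed_lifetime(d, tolerance_s)
                for s, d in durations_by_site(sessions).items()}
    fixed = [v for v in per_site.values() if v is not None]
    if not fixed:
        return per_site, "no-fixed-cutoff"   # look at idle periods / path devices
    if len(fixed) == len(per_site) and max(fixed) - min(fixed) <= tolerance_s:
        return per_site, "common-timer"      # same cutoff everywhere: endpoint or client
    return per_site, "site-specific"         # only some sites: check their router/CPE

if __name__ == "__main__":
    cutoffs, verdict = triage(SESSIONS)
    for site, secs in cutoffs.items():
        print(site, "no fixed cutoff" if secs is None else f"{secs / 3600:.2f} h")
    print("verdict:", verdict)
```
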
