Configuring General Information for a Remote Access VPN Policy
Specify the following information:
Name: Create a name that does not exceed 64 characters in length. The name can contain numbers, any special characters, uppercase and lowercase letters, and spaces. It can start and end with any character except a space; leading and trailing spaces are trimmed automatically.
Description: Enter a description that does not exceed 256 characters in length.
MFA: Enable this field to turn on multi-factor authentication. When multi-factor authentication is turned on, Service Edge can be accessed only after your user credentials are authenticated by both the Cisco AnyConnect Secure Mobility Client and the RADIUS proxy server (DUO authentication).
Max Remote Clients: Enter the maximum number of clients that can connect to Service Edge through remote access VPN.
MTU: Enter the maximum transmission unit, that is, the largest packet size that you want to send.
Banner: Enter a welcome message that will be displayed to clients after they connect to Service Edge through remote access VPN. This is an optional field.
CLIENT TIMERS:
Auth Timeout: Enter the amount of time, in seconds, that the client is allowed to stay connected to Service Edge prior to authentication. For example, if you enter 11, the client is connected for 11 seconds and stays connected after that only if the authentication is successful.
Min Reauth Time: Enter the amount of time, in seconds, during which the client is not allowed to reconnect after a failed attempt to authenticate.
Cookie Timeout: Enter the amount of time, in seconds, after which the connection cookie must time out.
Idle Timeout: Enter the amount of time, in seconds, a client is allowed to stay idle before being disconnected.
Rekey Time: Enter the amount of time, in seconds, after which the VPN server requires the client to refresh the keys.
ADVANCED CLIENT OPTIONS:
Persistent Cookies: Enable this option for the cookies to stay valid even after a client disconnects manually. The cookies stay valid until they expire.
Rekey Method: Select a method for efficiently performing a handshake on the channel and for allowing a seamless connection during rekeying.
DHCP Conflict Detection: Enable this option to allow an IP range used for leases to include addresses that are already occupied. Before an IP address is leased from the pool, it is pinged to verify that it is not being used by another host.