ISA Firewall Quick Tip: Setting Timeout for Idle VPN Clients

October 01, 2007
Last Updated : October 01, 2007

You have enabled VPN on your ISA Server, plenty of users dial in to your company through it, and they never disconnect their sessions, so you need a solution for those idle sessions. In this article, we will see how to disconnect these users' sessions after they have been idle for an amount of time that we specify.

Configuration on Routing and Remote Access

  1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.

  2. From the left pane, click the Remote Access Policies node.

  3. Right-click ISA Server Default Policy and click Properties.

  4. The ISA Server Default Policy Properties page opens. Click the Edit Profile button.

  5. The Edit Dial-in Profile page opens. Under Dial-in Constraints, we have two options:

    Minutes server can remain idle before it is disconnected (Idle-Timeout)

    Minutes client can be connected (Session-Timeout)

    The first option disconnects a client that has been idle for the specified number of minutes, whereas the second option restricts the maximum session length to the specified number of minutes.

    We do not want to kick out a VPN client who is working and not idle, so the option to enable is the first one: if a VPN client is idle for more than, say, 30 minutes, it should not stay connected to the network. This makes more resources available for other VPN clients. For example, if there is a limited number of IP addresses to distribute to VPN clients and idle users stay connected, then once the maximum number of VPN clients has been reached, other users cannot dial in until the idle users are disconnected and their IP addresses are freed for others.

  6. So enable the option Minutes server can remain idle before it is disconnected (Idle-Timeout) and set the number of minutes that suits your needs. Then click OK > OK > OK and we are done.
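
The difference between the two Dial-in Constraints from step 5, as an added example that is not part of the original article: a simplified Python model (not Routing and Remote Access code) applied to constructed sessions that share a three-address VPN pool. The names `Session`, `disconnects` and `free_addresses`, the sample users, and the "drop once the limit is reached" comparison are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Session:
    user: str          # constructed sample user name
    connected_at: int  # minute the VPN connection was established
    last_traffic: int  # minute of the most recent traffic on the connection

def disconnects(sessions, now, idle_timeout=None, session_timeout=None):
    """Return {user: reason} for sessions the profile would drop at minute `now`.

    idle_timeout    models Idle-Timeout (minutes without traffic)
    session_timeout models Session-Timeout (minutes since connecting)
    None means the constraint is not enabled in the profile.
    """
    dropped = {}
    for s in sessions:
        if session_timeout is not None and now - s.connected_at >= session_timeout:
            dropped[s.user] = "Session-Timeout"
        elif idle_timeout is not None and now - s.last_traffic >= idle_timeout:
            dropped[s.user] = "Idle-Timeout"
    return dropped

def free_addresses(pool_size, sessions, dropped):
    """Addresses available to new VPN clients once the drops are applied."""
    return pool_size - (len(sessions) - len(dropped))

# Constructed sample: every address in a 3-address pool is leased at minute 240.
SAMPLE = [
    Session("alice", connected_at=0,   last_traffic=238),  # long session, still working
    Session("bob",   connected_at=60,  last_traffic=95),   # idle for 145 minutes
    Session("carol", connected_at=200, last_traffic=205),  # idle for 35 minutes
]
NOW, POOL = 240, 3

def compare():
    """Evaluate the sample under each constraint on its own."""
    idle_only = disconnects(SAMPLE, NOW, idle_timeout=30)
    session_only = disconnects(SAMPLE, NOW, session_timeout=120)
    return {
        "idle_only": (idle_only, free_addresses(POOL, SAMPLE, idle_only)),
        "session_only": (session_only, free_addresses(POOL, SAMPLE, session_only)),
    }

if __name__ == "__main__":
    for name, (dropped, free) in compare().items():
        print(f"{name}: dropped={dropped} free_addresses={free}")
```

Both settings free two addresses in this sample, but the 120-minute Session-Timeout drops alice while she is working and keeps idle carol connected, whereas the 30-minute Idle-Timeout drops only the idle clients.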


In this article we learned how to disconnect dialed-in VPN clients whose sessions have been idle for a specific amount of time.


Related Links

Enabling the ISA Server 2004 VPN Server