Jump to content
Welcome to our new Citrix community!

AAA Session time-out

Recommended Posts


I am planning to switch a VPN setup from classic authentication policies to nFactor.

I just saw today that under AAA - Application Traffic > Change Global Settings there is a Session time-out which is by default 30min.

I was wondering if this AAA Session timer-out need to match the VPN Session time-out which is currently set on 180 min.


Thank you,


Link to comment
Share on other sites

The AAA session policy *shouldn't* apply.


VPN vserver authentication is handed off to the AAA vserver for the advanced engine-based authe policies.  But authorization and session settings are still managed by the gateway's session policies and/or the authorization policies.


AAA session policies should only affect lb/cs vservers integrated with AAA vservers without gateway.


Also any policy bound to vpn vserver/aaa user/aaa group, will take precedence over a global parameter (even if both were to apply at same time).


Can't say there wouldn't be a bug causing an unexpected result; but you can usually ignore the AAA parameter and the AAA session policy when doing gateway + AAA configurations and rely instead on the vpn global parameters and the gateway session policies instead. (I would also test to make sure; but the gateway connections are affected by the gateway session policies.)






Edited by Rhonda Rowland
added note.
  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...