Cisco ASA: Connection Times Out After 12 Seconds

By default, the Cisco AnyConnect client will timeout after 12 seconds on Windows and after 30 seconds on Mac OS X. Your users may require more time to authenticate, so the following steps will guide you in creating a profile to override the default timeout.

1. Click on **AnyConnect Client Profile**

2. Click the *Add* button

3. In the sidebar, click on **Preferences(Cont)** and scroll to the bottom

4. Enter **90** for **Authentication Timeout Values**

5. Click **OK**

6. In the sidebar, click on **Server List**

7. Click on **Add** to add a server

8. Enter the FQDN of your Cisco ASA VPN exposed end-point in the **Hostname** and a hostname or IP Address in the
**Host Address**

   Click **OK**

9. Click **Apply**

10. Click on **Group Policies** under **Network (Client) Access**

11. Click on the group policy that you have assigned to your VPN (e.g. **DfltGrpPolicy**)

12. Under **Advanced > AnyConnect Client** Select your profile

To test, navigate to your Cisco ASA clientless VPN portal and attempt access.

User Experience: Connection Timeouts

The new profile will be downloaded and applied only after you have successfully connected the first time with the ASA client. If some of your users are having trouble with the 12 second timeout, we recommend that they connect using the clientless interface and clicking on the Start AnyConnect link to re-download the client. Ensure that the FQDN and IP Address is correct in the Server List. Also ensure that the profile Hostname is the same hostname that your end-users use to connect to the VPN.

Another option would be to authenticate using the Software OTP. For more information see: https://www.logintc.com/docs/guides/software-otp-tokens.html.