If the login credentials for users include a PIN or other parameter that is valid for only a limited period of time,
you should be aware of what your session limits are. For example, if Credential lifetime is set to only 30 seconds
and the client works through several fallback servers while attempting to make a connection, the user’s PIN or
other parameter may time out before the list of possible servers is exhausted. There are a few settings that govern how long a session can be resumed without requiring reauthentication:
Credential lifetime is a global setting that is specified on the Configure General Appliance Options page (click General Settings in the main navigation menu, and then click Edit in the Appliance options area).
Limit session length to credential lifetime is a setting that is configured on a per-community basis. When selected, tunnel client sessions in a given community terminate and require reauthentication after the length of time specified by Credential lifetime.
If the client connects to a fallback server and the requested realm (as configured in AMC) is unavailable, the connection fails with an authentication error.
Users connecting to a high-availability pair of appliances operate with the same fallback information, regardless of which member of the pair they initially connect to.
Once a server has been contacted, fallback will not continue even if the login attempt fails.
If a user manually changes from one appliance that has a fallback list of servers to another, the second server will display the last known realm the user selected for that host.
Was This Article Helpful?
Help us to improve our support portal