topic Re: Simultaneous logins exceeded on 3005 bug ? in Network Security

Simultaneous logins exceeded on 3005 bug ?

mats.karneman — Fri, 21 Feb 2020 07:33:40 GMT

Hi all

We have a 3005 (4.1.4) that I have moved some site to site IPsec tunnels to from a 3005 with (3.6.7B)

The remote sites are mainly 837's with (12.2(8)YN) and up..

Now after the tunnel been connected for 22:48 hrs i get

>snip

24562 07/27/2004 07:46:52.720 SEV=3 AUTH/5 RPT=92 x.x.x.x

Authentication rejected: Reason = Simultaneous logins exceeded for user

handle = 291, server = (none), user = x.x.x.x, domain = <not specified>

>snip

I have specified simultaneus login to 1 in the Group\general tab, and that was fine in version 3.7.6

The SA's liftime is set to 3600.

Am i running in to a bug here ?

(One quick fix is to increase "sim login" to 2, but for security reasons it was sugested to keep it to 1 using pershared keys)

Any Ideas Anyone

Mats

drolemc — Tue, 17 Aug 2004 14:42:53 GMT

Are the SA lifetimes same on both the ends? Also, enable Dead peer detection. Doing this might just help.

mats.karneman — Mon, 23 Aug 2004 09:57:27 GMT

thx for you reply.

Yes the IKE proposal/isakmp policy is 86400 in both 3005 and ios router. that make sense, beacuse it should renegotiate 1 hr before it will expire.

DPD is active i.e IKE keepalive.

As I said this exact configuration worked fine in 3.7

but not in 4.1.5.

Any other ideas

Mats