Hello all,

We have a site that has an ASA 5506x sporting version 9.5(2)2 with a base 2 user AnyConnect license. We notice that after users log on and then log off, the session remains active still when I issue a show vpn-sessiondb anyconnect. I attempt to log in again which is successful and at this point if I do another show vpn-sessiondb command it now shows my session twice. After disconnecting once more and connecting again, I'm not able to connect due to these sessions still considered active.

This appears to affect all connection profiles and group policies. In the attached screenshots you can see that the connections stay on and the inactivity timers do not increment and stay at 00:00m:00s constantly even after disconnecting.

With 2 sessions still active despite disconnecting from anyconnect both times, if another user tries to log in after this, they get a login failed presumably due to lack of available anyconnect slots. I'm unsure where to look from here, most settings do seem generic. We do employ a 2FA login solution but this is reproduced with other connection profiles that do not have a 2FA method. attached are pictures that hopefully show the issue.

Thanks in advance.