05-30-2019 11:53 AM
We have 20 separate devices that have a concurrent user limit of 5 each. These devices do not have any type of administrative features that allow the management of incoming connections. Therefore, the first 5 users to connect get in and could stay logged in indefinitely. We have over 40 users that need access to each device at different times, some with higher priority than others.
Our current solution: Implemented an ASA-5506 with separate rules/groups of IPs. One small group, say "Priority 1", contains a handful of high-priority IPs. The rest of the users/IPs are in a second group, "Priority 2". If at a given time a device is full with 5 connections and someone from Priority 1 needs access, the second rule is disabled and one unlucky IP from the lower-priority group is manually disconnected via console command to make room.
Is it possible to automate this in any way, such as automatically disconnecting and temporarily blocking IP(s) from Priority 2 to allow users from Priority 1 to connect, and then automatically unblocking them once Priority 1 disconnects?
05-31-2019 12:19 AM
- In the modern always-connected world such schemes are undesirable. Make sure your infrastructure is robust and can accommodate all network clients.
M.
06-01-2019 02:19 AM