Hello everybody,
A customer reported that AnyConnect users will be disconnected sporadically
and will be prompted to log in again, but this time without success.
When they retry this, they get a new VPN session.
But the ASA considers the session still active, and that needs to be logged out by the admin manually.
This is a disadvantage when the user usually gets the same IP address assigned, because the correct IP address for the user is blocked by the "dead" session and then he gets another one and doesn't reach all targets anymore.
I asked myself why an AnyConnect user was disconnected at all and saw in the ASDM that 122 AnyConnect users are connected simultaneously.
When I check the 'show version' output I get this:
Result of the command: "sh ver"
Cisco Adaptive Security Appliance Software Version 9.12(4)35 <context>
SSP Operating System Version 2.6(1.239)
Device Manager Version 7.15(1)150
Compiled on Wed 06-Oct-21 22:41 GMT by builders
asa1-1 up 56 days 23 hours
failover cluster up 4 years 130 days
Hardware: ASA5516
The Running Activation Key feature: 500 AnyConnect Premium sessions exceed the limit on the platform, reduced to 300 AnyConnect Premium sessions.
Licensed features for this user context:
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 100 perpetual
Other VPN Peers : 100 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
VPN Load Balancing : Enabled perpetual
Failover cluster licensed features for this user context:
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 100 perpetual
Other VPN Peers : 100 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Enabled perpetual
VPN Load Balancing : Enabled perpetual
Image type : Release
Key Version : A
500, 300, 100: This output is confusing.
How many AnyConnect users can build a VPN tunnel simultaneously to the ASA context according to this output?
Thanks a lot!
Bye
R.