Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
4
Replies

Anyconnect 4.x VPN session reservation

Go to solution
Jorn Halsen Lukassen
Level 1
Level 1

‎10-12-2015 11:53 AM - edited ‎02-21-2020 08:30 PM

Is there any way of doing user or user group differentiation when it comes to reservation/prioritization of RA VPN sessions ?

 

We would like to reserve seats for a selected group of users in case there are peak intervals when all available seats are taken (either shared license or hard limit).

Some of our users need a guarantee of an available connection to reach their critical 24/7 applications behind the firewall.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-12-2015 01:58 PM

That's not an offered feature on the ASA.

However, if you have AnyConnect 4.x licenses realize that there is (currently) not any technical enforcement of the number of concurrent users.

When you install an AnyConnect 4.x activation key, your ASA will indicate it has up to the maximum allowed by the platform hardware for the number of available licenses. They did this to account for the fact that it is now technically licensed per unique user and not per unique connection (i.e. one user with PC, tablet and mobile phone connections running simultaneously counts as one license).

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-12-2015 01:58 PM

That's not an offered feature on the ASA.

However, if you have AnyConnect 4.x licenses realize that there is (currently) not any technical enforcement of the number of concurrent users.

When you install an AnyConnect 4.x activation key, your ASA will indicate it has up to the maximum allowed by the platform hardware for the number of available licenses. They did this to account for the fact that it is now technically licensed per unique user and not per unique connection (i.e. one user with PC, tablet and mobile phone connections running simultaneously counts as one license).

0 Helpful

Go to solution
Jorn Halsen Lukassen
Level 1
Level 1
In response to Marvin Rhoads

‎10-12-2015 11:25 PM

Hi Marvin, thanks for following up here.

 

As far as I've understood the device specific maximum number of VPN sessions still count.

We plan to scale the solution according to an average count of connected clients, but it would be nice to give precedence to a group of users in case the device limit is reached.

Do you know if there's anything on the road map for this kind of prioritization ?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Jorn Halsen Lukassen

‎10-13-2015 06:30 AM

You're welcome Jorn.

Yes - the device-specific (hardware) maximums still apply. The vast majority of customers operate well below that; but if such is not the case in your environment you could run into issues of there being no more available remote access VPN connections.

I've not heard of any roadmap to add the feature you're asking about. I would suggest that if it's a critical business need, you could look into adding a small second ASA that's reserved for the critical users. The new AC licenses can be used across multiple devices, each operating withing its hardware limits. As long as you're licensing for unique users, you are legitimate with respect to the purchased licenses. 

0 Helpful

Go to solution
Jorn Halsen Lukassen
Level 1
Level 1
In response to Marvin Rhoads

‎10-13-2015 11:47 AM

Very well, we will adhere to the given limitations and advise the customer to scale properly.

 

Thanks again !

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents