Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2936
Views
0
Helpful
6
Replies

Cisco Router AnyConnect VPN in Router - How to Limit Concurrent Logins?

LJ Gabrillo
Level 5
Level 5

‎07-17-2014 11:31 PM - edited ‎02-21-2020 07:44 PM

Hi everyone,

Just as the question say.
My AnyConnect VPN is working. However, I am having trouble on how to limit concurrent logins.
With my current setup, if the end users knows, they can pretty much connect with just one username.

I want limit this, that once the user is logged in. It cannot be used by another.
As far as i know, the old VPN Client has a command 'max-logins' pretty handy. However, for the AnyConnect part, I cant seem to find it :D

Thanks for the replies in advance! :D

Labels:
0 Helpful
6 Replies 6

ghostinthenet
Level 7
Level 7

‎07-20-2014 10:47 AM

In your  group-policy definition, add the following line:

vpn-simultaneous-logins 1

That should cover it.

0 Helpful

LJ Gabrillo
Level 5
Level 5
In response to ghostinthenet

‎07-20-2014 06:41 PM

Hi Jody,

Thanks for the reply, but sadly that commands is for the ASA
The config I am talking about is for the Cisco IOS Router :D

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to LJ Gabrillo

‎07-20-2014 08:34 PM

hi,

try max-users under webvpn context command:

webvpn context MY-CONTEXT

max-users <number>

0 Helpful

LJ Gabrillo
Level 5
Level 5
In response to johnlloyd_13

‎07-20-2014 08:41 PM

Hi John,

I think the 'max-users' command tells the router how many vpn sessions it will accept, not the concurrent logins it limits.

So that means if i configured 'max-users 1' it will only accept one VPN connection and if someone tries to connect even if he has a different username. It wont work 

0 Helpful

ghostinthenet
Level 7
Level 7

‎07-21-2014 01:02 PM

It looks like this is already being covered in another question:

https://supportforums.cisco.com/discussion/12259426/ssl-vpn-cisco-router-anyconnect-config-how-limit-concurrent-logins

Apparently there is a feature request (CSCuj25736) for this that hasn't been fulfilled yet.

One tricky workaround that might work is to assign a fixed IP address for each user. The second user logging in with the same credentials will error out because the IP address is already in use. This won't work with local authentication to the best of my knowledge, but shouldn't be too difficult to do if you're authenticating off of a RADIUS server.

0 Helpful

srikanthm
Level 1
Level 1
In response to ghostinthenet

‎02-08-2023 02:37 AM

Can concurrent user login be restricted in Cisco RV345?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents