cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

96
Views
0
Helpful
2
Replies
Beginner

Limit number of VPN user with DAP

Does anybody know how to limit the number of VPN users using the DAP authentication ? I'm using this type of authentication to manage access to different VPN but since I started using it I can not control the maximum number of users connected to each vpn. Previously this value was running under "group policy" -> "simultaneous logins". Can someone help me? 

Regards

Everyone's tags (1)
2 REPLIES 2
Highlighted
Participant

Hello Simpathier,

Hello Simpathier,

Actually the simultaneous logins setting is for a single user, (How many times a user can connect with the same username simultaneously), the way to limit how many users can connect through Anyconnect or VPN client IPsec, is through any of these 2 commands:

* vpn-sessiondb max-anyconnect-premium-or-essentials-limit #

       (This one is For AnyConnect Only)

* vpn-sessiondb max-other-vpn-limit # 

       (This one is for IPSec connections Only)

With DAP you can use it along with Host Scan, to do an Endpoint Posture assessment(Pre-login Assessment) to check if the endpoint compliance with certain parameters so I would allowed the user to connect, for example:

   - You can allow Windows and Android users to connect Only, the rest of the OS will be terminated the session.

   - The user should have the following AV and the signatures up to date otherwise he wont be able to connect.

For Further information:

- http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html

Please proceed to rate and mark as correct this post! if it helped you, keep me posted if you have some other questions!

David Castro,

Beginner

Hi David,

Hi David,

unfortunately, your proposal may not be useful :( :( I need a solutions for IPsec connections and the second one didn't work for me or i not figured out how to use it. I have the need to limit the number of single independent vpn users for each VPN, there is an expression to be inserted in the DAP to limit this number?

Regards