
5545x limited to 990 AnyConnect clients

richard.priest
Level 1

Hi,

 

I have a 5545x with 2500 AnyConnect premium licenses, however when I get to about 990 connected users, additional clients struggle to connect.

 

CPU is around 60% utilisation and the AnyConnect load is 40%.

 

Is there a configuration setting I've missed where you can limit the number of AnyConnect clients? 

 

Firewall is on 9.8(4)26

 

Cheers

3 Replies

Marvin Rhoads
Hall of Fame

There is a seldom-used command that can do what you describe:

vpn-sessiondb max-session-limit

If that's not in place, then something else is going on.

Thanks Marvin,

 

I did find that command after posting - well, I found it in ASDM anyway. It's not set, so in theory should be able to hit 2500 users.

 

Is there anything else that could possibly cause the issue? I've checked the network link and that's not over-utilised either.

Marvin Rhoads
Hall of Fame

There are a number of settings in this guide for AnyConnect but mostly around performance optimization:

https://community.cisco.com/t5/security-documents/asa-best-practices-for-remote-access-vpn-performance/ta-p/4070579#toc-hId-1684724475

The key thing would be to collect logs (syslog messages) when users are trying and failing to connect. As long as you have informational level logging set there should be some indicators of why a given session is unable to establish.
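One way to act on the log-collection advice above, as an added example that is not from any participant in this thread: compare ASA syslog captured while connections fail against a normal window of similar length, and list the message IDs that are new or much more frequent. It assumes only the standard `%ASA-<severity>-<id>:` tag; the function names, the hostname, and the sample lines (including IDs 900001-900003) are constructed placeholders, not real ASA messages.

```python
import re
from collections import Counter

# ASA syslog tag: %ASA-<severity 0-7>-<six-digit message id>:
ASA_TAG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}):")

def tally(lines, max_severity=6):
    """Count messages per (severity, message id) up to informational (6)."""
    counts = Counter()
    for line in lines:
        m = ASA_TAG.search(line)
        if m and int(m["sev"]) <= max_severity:
            counts[(int(m["sev"]), m["msgid"])] += 1
    return counts

def new_or_spiking(baseline, incident, factor=3):
    """Return (severity, id, incident_count, baseline_count) for message ids
    that are absent from the baseline or at least `factor` times more
    frequent in the incident window, most severe first."""
    base, inc = tally(baseline), tally(incident)
    hits = []
    for (sev, msgid), n in inc.items():
        b = base.get((sev, msgid), 0)
        if b == 0 or n >= factor * b:
            hits.append((sev, msgid, n, b))
    return sorted(hits)

# Constructed sample lines; ids 900001-900003 and text are placeholders.
def _line(sev, msgid):
    return f"Mar 01 2021 09:00:00 asa01 : %ASA-{sev}-{msgid}: (constructed text)"

BASELINE = [_line(6, "900001")] * 3 + [_line(4, "900002")]
INCIDENT = ([_line(6, "900001")] * 3 + [_line(4, "900002")] * 4
            + [_line(3, "900003")] * 2 + ["unrelated non-ASA line"])

if __name__ == "__main__":
    for sev, msgid, n, b in new_or_spiking(BASELINE, INCIDENT):
        print(f"sev {sev} id {msgid}: {n} in failure window, {b} in baseline")
```

The IDs it reports can then be looked up in the ASA syslog message reference for the release in use.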