10-12-2015 11:53 AM - edited 02-21-2020 08:30 PM
Is there any way of doing user or user group differentiation when it comes to reservation/prioritization of RA VPN sessions ?
We would like to reserve seats for a selected group of users in case there are peak intervals when all available seats are taken (either shared license or hard limit).
Some of our users need a guarantee of an available connection to reach their critical 24/7 applications behind the firewall.
Solved! Go to Solution.
10-12-2015 01:58 PM
That's not an offered feature on the ASA.
However, if you have AnyConnect 4.x licenses realize that there is (currently) not any technical enforcement of the number of concurrent users.
When you install an AnyConnect 4.x activation key, your ASA will indicate it has up to the maximum allowed by the platform hardware for the number of available licenses. They did this to account for the fact that it is now technically licensed per unique user and not per unique connection (i.e. one user with PC, tablet and mobile phone connections running simultaneously counts as one license).
10-12-2015 01:58 PM
That's not an offered feature on the ASA.
However, if you have AnyConnect 4.x licenses realize that there is (currently) not any technical enforcement of the number of concurrent users.
When you install an AnyConnect 4.x activation key, your ASA will indicate it has up to the maximum allowed by the platform hardware for the number of available licenses. They did this to account for the fact that it is now technically licensed per unique user and not per unique connection (i.e. one user with PC, tablet and mobile phone connections running simultaneously counts as one license).
10-12-2015 11:25 PM
Hi Marvin, thanks for following up here.
As far as I've understood the device specific maximum number of VPN sessions still count.
We plan to scale the solution according to an average count of connected clients, but it would be nice to give precedence to a group of users in case the device limit is reached.
Do you know if there's anything on the road map for this kind of prioritization ?
10-13-2015 06:30 AM
You're welcome Jorn.
Yes - the device-specific (hardware) maximums still apply. The vast majority of customers operate well below that; but if such is not the case in your environment you could run into issues of there being no more available remote access VPN connections.
I've not heard of any roadmap to add the feature you're asking about. I would suggest that if it's a critical business need, you could look into adding a small second ASA that's reserved for the critical users. The new AC licenses can be used across multiple devices, each operating withing its hardware limits. As long as you're licensing for unique users, you are legitimate with respect to the purchased licenses.
10-13-2015 11:47 AM
Very well, we will adhere to the given limitations and advise the customer to scale properly.
Thanks again !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide