Cisco AnyConnect Multiple Users on One Computer

ejrein
Level 1

Hello All,

I work for County Government and we are attempting to switch from the Cisco VPN Client to the AnyConnect Client. It seems to work great when you have a single user assigned to a pc, however, it is a different story when you have multiple users assigned to one machine. Basically we do not know who will be logging into a machine during a certain day so we could have 5-6 users needing one pc and all of them being able to use the AnyConnect when they log in with their own Windows credentials. I understand there is an .XML file out there with some information that is needed but is there a way to modify it and place in each user's profile so that it will work for all of them? Any help would be greatly appreciated. Thank you!

4 Replies

Richard Burts
Hall of Fame

A copy of the XML profile is placed in their directory when an individual successfully establishes a Remote Access VPN session using AnyConnect and is successfully authenticated. I do not believe that there is any individual user information stored in the XML profile so I do not believe that the profile is part of your problem and do not see how it would solve your problem.

Can you provide some details about what problems you are having when multiple users are using the same PC? As long as each user does have appropriate credentials in whatever you are using to authenticate VPN users then I am not sure what the problem would be with different users coming from the same PC.

HTH

Rick


Thank you for your fast response Rick! The issue we are having is when we go to log in as a second user we get a message stating "Please enter a secure gateway to connect to". This is after we set up the main user of a pc on the ASA and configure them on the pc. When you enter in the URL in the AnyConnect it comes up with a second box "Certificate Validation Failure" and prompts the user for a username and password.

Let me further explain this by saying we set up a user in the ASA (let's call him "Bob"), get Bob set up on his pc with installing the certificate and then we have a second user (let's call her "Susie") log in the same pc and we get the above issues.

By default, a locally logged-in user can establish a VPN connection only when no other local user is logged in. The VPN connection is terminated when the user logs out, and additional local logons during a VPN connection result in the connection being torn down. Remote logons and logoffs during a VPN connection are unrestricted.

With this feature, AnyConnect disconnects the VPN connection when the user who established the VPN connection logs off. If the connection is established by a remote user, and that remote user logs off, the VPN connection is terminated.

You can use the following settings for Windows Logon Enforcement:

Single Local Logon—Allows only one local user to be logged on during the entire VPN connection. With this setting, a local user can establish a VPN connection while one or more remote users are logged on to the client PC, but if the VPN connection is configured for all-or-nothing tunneling, then the remote logon is disconnected because of the resulting modifications of the client PC routing table for the VPN connection. If the VPN connection is configured for split-tunneling, the remote logon might or might not be disconnected, depending on the routing configuration for the VPN connection. The SingleLocalLogin setting has no effect on remote user logons from the enterprise network over the VPN connection.

SingleLogon—Allows only one user to be logged on during the entire VPN connection. If more than one user is logged on, either locally or remotely, when the VPN connection is being established, the connection is not allowed. If a second user logs on, either locally or remotely, during the VPN connection, the VPN connection is terminated.

You can get more information from the following link:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html#wp1070852

HTH!!!

Regards,

Naresh
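
The two Windows Logon Enforcement rules described in the reply above, modelled as an added example (not Cisco's code and not part of the original posts): it reads the `WindowsLogonEnforcement` value from a profile and checks a set of Windows logons against it. The sample profile is constructed, and the function names `logon_enforcement` and `vpn_permitted` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile (not taken from the thread); it carries only the
# element discussed above.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
  </ClientInitialization>
</AnyConnectProfile>
"""

# The quoted documentation describes the single-local-logon behaviour as the default.
DEFAULT = "SingleLocalLogon"


def logon_enforcement(profile_xml):
    """Return the WindowsLogonEnforcement value, or the default if absent."""
    root = ET.fromstring(profile_xml)
    for elem in root.iter():
        # Drop the "{namespace}" prefix ElementTree puts on every tag.
        if elem.tag.rsplit("}", 1)[-1] == "WindowsLogonEnforcement":
            return (elem.text or "").strip() or DEFAULT
    return DEFAULT


def vpn_permitted(setting, sessions):
    """Check a set of Windows logons against the enforcement setting.

    sessions is a list of "local" / "remote" logons present on the PC.
    True means the VPN may be established (or stay up) with these logons;
    False means it is refused (or torn down).
    """
    if any(s not in ("local", "remote") for s in sessions):
        raise ValueError("session kind must be 'local' or 'remote'")
    if setting == "SingleLocalLogon":
        # Remote logons do not count; at most one local user.
        return sessions.count("local") <= 1
    if setting == "SingleLogon":
        # Every logon counts, local or remote.
        return len(sessions) <= 1
    raise ValueError("unknown WindowsLogonEnforcement value: %r" % setting)


if __name__ == "__main__":
    setting = logon_enforcement(SAMPLE_PROFILE)
    for sessions in (["local"], ["local", "remote"], ["local", "local"]):
        print(setting, sessions, vpn_permitted(setting, sessions))
```
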

Thanks for your response Naresh. The scenario you presented sounds like when more than one person is logged in at the same time. The scenario we are looking at is when only one person is logged in, yet the login credentials do not seem to follow to the second user (the user that was not originally set up in our ASA). So let's say "Bob" was set up but "Susie" needs to use his computer on a day when he is out. She logs in with her Windows domain credentials but the AnyConnect is asking for a username/password. I attempted to copy and paste the XML file that was created under "Bob's" profile and move it to "Susie's" but it still asks for a username/password.
