cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1381
Views
0
Helpful
9
Replies

Disable simultaneous VPN access

fb_webuser
Level 6
Level 6

How to disable simultaneous VPN access for one user from different locations?

---

Posted by WebUser Nikola Ratkovic from Cisco Support Community App

9 Replies 9

nikolaratkovic
Level 1
Level 1

I forgot to remind that users identify themselves from RADIUS server

Hi Nikola,

You can do it with the following command under the group-policy settings:

vpn-simultaneous-logins 1

Let me know.

Thanks.

Please rate this post if you find it useful.

Hi, Xavier!

That command disables more than one VPN access from one GROUP of users. It means that only one user from RADIUS group would have remote access, and if someone else try to connect (with different user account) he'll be denied.

I need to forbid one user account to access from two different locations. (same user trying to access from two different locations at the same time)

I think that I need to set some group or user policy on RADIUS server

Hi Nikola,

Well, not really. It does it per user, by default it is 3.

Command

Description

vpn-simultaneous-logins

Sets the maximum number of simultaneous VPN sessions permitted. Use in group-policy or username mode.

Keep me posted.

I think that is the command only  for Cisco ASA, because it doesn't exist in router IOS, at least not on  my router (Cisco 2611).

I tried with,

crypto isakmp client configuration group

max-logins - Set maximum simultaneous logins for users in this group

and this does the same thing, just limits the number of simultaneous logins for the whole radius group.

Hi Nikola,

Since you have a Router I would recommend this command under the group settings:

max-logins         Set maximum simultaneous logins for users in this group

Example:

crypto isakmp client configuration group cisco

max-logins  1

On the other hand there is another command to set the maximun number of users in this group:

max-users          Set maximum number of users for this group

Example:

crypto isakmp client configuration group cisco

max-users 10

Let me know if you have any questions.

Please rate this post if you find it helpful.

Hi Javier,

I already tried that command as you can see from my earlier post ::) That is not the right command, I tested it a couple of times. Can you configure it on your router, maybe I am doing something wrong?

Interesting, let me give it a shot.

I will keep you posted.

Thanks