Disable VPN profiles in Cisco ASA 5550

MariusAndersson · ‎02-11-2010

I need to disable approxematly 40 different VPN profiles in our ASA5550`s without deleting them (need the ability to quickly activate them again if needed).

I thought maybe i could disable IPSec for those profiles, but since the IPSec is an attribute for Group Policy, i cant do it - as many other profiles are sharing the same policy.

Is there any easy way to set these profiles inactive?

Snydersh1_2 · ‎02-12-2010

I'm not much of a GUI person when it comes to Cisco but I would highly suggest using the ASDM interface for this. Quickly displays

all the profiles and provides a 'checkbox' to enable or disable any of the profiles.

ncowger · ‎10-12-2012

If you disable all of the remote access types (anyconnect, clientless, ipsec, etc.) it will still allow users to connect. Instead you have to get on the CLI and go into the group policy "group-policy attributes" then type "vpn-simultaneous-logins 0"

According to the command output below this should disable all logins:

VPN(config-group-policy)# vpn-simultaneous-logins ?

group-policy mode commands/options:

<0-2147483647> Maximum number of simultaneous logins allowed, enter 0 to

disable login and prevent user access

Note: that doesn't disconnect the clients that are already connected. You will have to do the following for the tunnel-group "vpn-sessiondb logoff tunnel-group "

mahmoudabomosalm0420 · ‎07-31-2017

it is working well, thank you.

but i configure it under user not group.