I can´t connect more Anyconnect to my ASA

juan.rojas@citel.com.mx · ‎03-27-2020

Hello,

I can´t connect more Anyconnect users on my ASA5515. It was limited by the "IP LOCAL POOL" then i added a bigger range and different mask in the POOL and the Anyconnect endpoints started to take that pool IP addresses but it still not allow to join more users.

AnyConnect Essentials : 250 perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual

original pool:

ip local pool ACPOOL 192.168.30.10-192.168.30.120 mask 255.255.255.224

new pool:

ip local pool ACPOOL 192.168.30.1-192.168.30.126 mask 255.255.255.128

group-policy ACPOLICY internal
group-policy ACPOLICY attributes
wins-server none
dns-server value
vpn-simultaneous-logins 3
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelall
split-tunnel-network-list value Any
webvpn
anyconnect modules value vpngina
anyconnect profiles value type user

tunnel-group ACTUNEL type remote-access
tunnel-group ACTUNEL general-attributes
address-pool ACPOOL
default-group-policy ACPOLICY

****

Regards

Cristian Matei · ‎03-28-2020

Hi,

How many concurrent sessions can be formed? Try giving the new pool a new name, re-apply it to the tunnel group, and also maybe issue a reload. If it still doesn't work, post the following debug outputs when new sessions are not allowed: "debug webvpn anyconnect", "debug webvpn session", and:

logging enable

logging timestamp

logging class webvpn console debugging

logging class ssl console debugging

logging class svc console debugging

Regards,

Cristian Matei.

Mohammed al Baqari · ‎03-28-2020

Can you share the output of debug webvpn anyconnect 127

Sheraz.Salim · ‎03-28-2020

chagne this

vpn-simultaneous-logins 150

it will fix your issue.

please do not forget to rate.