Ikev2 Flexvpn Maximum simultaneos logins per username

rretanag099 · ‎01-31-2018

Hi , Does anybody knows how many simultaneos logins can the same user have with FlexVPN? Is there any parameter to configure with these? Right now, if my cel phone connects with Anyconnect to the FlexVPN server ( IOS 16.x) it disconnect my computer session and viceversa, using the same username in both devices. Different usernames have no issue.

The only thing that i see is that the Virtual-Access interface goes down, and goes up with the new device. Try with ipsec-max-flow, but it just limits the total amount of connections globally, not per user.

Thanks.

Philip D'Ath · ‎01-31-2018

This should be controlled by whatever device is doing the AAA authentication (e,g. RADIUS).

rretanag099 · ‎02-01-2018

Hi Philip, thanks for your answer.

¿Do you know if there is any special Radius Attributte for that? Funny thing is that the same Radius Server works for Webvpn RA and Classic IPsec RA, and the same username can have several simultaneos logins with those VPN Technologies.

Philip D'Ath · ‎02-01-2018

It is not an attribute, simply the RADIUS server rejects additional authentication methods. But this does not sound like the case if the same system is being used for other remote access options.

rretanag099 · ‎02-01-2018

Yes Sir, is an OpenRadius with a flat config. No special authorization is handled.

epol · ‎03-18-2020

Interesting. In ISAKMP with IPSec Xauth that we used some years ago, the ASR1k was able to perform concurrency control.

crypto isakmp client configuration group <GROUP_NAME>
 max-logins 1

How come this feature is absent in IKEv2 ?