Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2162
Views
5
Helpful
1
Replies

Multiple concurrent VPN Sessions on one Terminal Server

Go to solution
josef.kokal
Level 1
Level 1

‎05-04-2018 06:12 AM - edited ‎03-12-2019 05:15 AM

Hi,

 

i got the business need that some users need an anyconnect session to another customer at the same time and this should be achieved with a terminal server.

 

So lets say User1 and User2 are connected to a terminal server at the same time.
On this server anyconnect is installed but only one of them is able to start a vpn session to the customer. If one start the session the other one is terminated.

 

Everything is working fine but its frustating that only one at a time can have an open anyconnect session and as far as i know thats not possible but anyway i am not sure about this.

 

Please find below my Policy which should be fine in my opinion.

 

<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
        <ClientInitialization>
                <UseStartBeforeLogon UserControllable="false">true</UseStartBeforeLogon>
                <AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection>
                <ShowPreConnectMessage>false</ShowPreConnectMessage>
                <CertificateStore>All</CertificateStore>
                <CertificateStoreOverride>false</CertificateStoreOverride>
                <ProxySettings>Native</ProxySettings>
                <AllowLocalProxyConnections>true</AllowLocalProxyConnections>
                <AuthenticationTimeout>12</AuthenticationTimeout>
                <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
                <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
                <LocalLanAccess UserControllable="true">true</LocalLanAccess>
                <ClearSmartcardPin UserControllable="false">false</ClearSmartcardPin>
                <IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
                <AutoReconnect UserControllable="true">true
                        <AutoReconnectBehavior UserControllable="true">ReconnectAfterResume</AutoReconnectBehavior>
                </AutoReconnect>
                <AutoUpdate UserControllable="false">true</AutoUpdate>
                <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
                <WindowsLogonEnforcement>SingleLogon</WindowsLogonEnforcement>
                <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
                <AutomaticVPNPolicy>false</AutomaticVPNPolicy>
                <PPPExclusion UserControllable="false">Disable
                        <PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
                </PPPExclusion>
                <EnableScripting UserControllable="false">false</EnableScripting>
                <EnableAutomaticServerSelection UserControllable="false">false
                        <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
                        <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
                </EnableAutomaticServerSelection>
                <RetainVpnOnLogoff>false
                </RetainVpnOnLogoff>
        </ClientInitialization>
        <ServerList>
                <HostEntry>
                        <HostName>xxxxxxxx</HostName>
                        <HostAddress>xxxxxxxx</HostAddress>
                </HostEntry>
        </ServerList>
</AnyConnectProfile>

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎05-06-2018 07:01 AM

This is not possible from the same physical machine.  To get this to work you would need to set up the possibility for users to connect to virtual machines on the terminal server.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

1 Reply 1

Go to solution
Marius Gunnerud
VIP
VIP

‎05-06-2018 07:01 AM

This is not possible from the same physical machine.  To get this to work you would need to set up the possibility for users to connect to virtual machines on the terminal server.

--
Please remember to select a correct answer and rate helpful posts
Customers Also Viewed These Support Documents