
Restricting amount of users on IPSec VPN

tom.merrill
Level 1

I have a Cisco ASA 5510 running an IPSec VPN. My example is I have a group policy with 10 users on it, all assigned static IPs. Of those 10 users, I only want to have a max of 5 logged in at any one time. Simultaneous connections won't work because that is only how many times a single username can be logged in (that I know of), and I can't limit the IP address pool of that group because I need 10 static IPs and if I limited the pool to 5, well, that wouldn't work.

So is there any way to limit the amount of VPN users per group policy or tunnel or what have you? I don't want to limit the amount of VPN connections on the entire appliance since I will have other groups as well that will be connecting.

Thanks for any help.

16 Replies

Result of the command: "sh run group-policy 3"
group-policy 3 internal
group-policy 3 attributes
banner none
wins-server none
dns-server none
vpn-access-hours none
vpn-simultaneous-logins 1
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec
group-lock value 3VPN
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 3
intercept-dhcp disable
vlan none
nac-settings none
address-pools none
smartcard-removal-disconnect enable

I made a change to test before I ran that command. This is what it is set at, and I still have the 3 users signed on.

You can use the vpn-sessiondb command to set an active VPN limit systemwide.  This can be done for AnyConnect or other VPN client connections as noted below.

max-anyconnect-premium-or-essentials-limit   #For AnyConnect

max-other-vpn-limit   #For Cisco VPN Client (not sure about L2L)

Example:

vpn-sessiondb max-anyconnect-premium-or-essentials-limit 250

or

vpn-sessiondb max-other-vpn-limit 250
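
An added example (not part of any reply in this thread, and not Cisco code): a small Python audit that reads the two kinds of limit discussed above and works out the most sessions a group could hold at once. The sample config is constructed from the output and commands posted in the thread; the function names are hypothetical, and the user count of 10 and wanted cap of 5 are taken from the question.

```python
import re

# Constructed sample: group policy "3" as posted in the thread, plus the
# system-wide limit from the last reply. Not captured from a live device.
SAMPLE_CONFIG = """\
group-policy 3 internal
group-policy 3 attributes
 vpn-simultaneous-logins 1
 vpn-tunnel-protocol IPSec l2tp-ipsec
 group-lock value 3VPN
vpn-sessiondb max-other-vpn-limit 250
"""

def parse_limits(config_text):
    """Return (per_policy, system_wide) session limits found in the text."""
    per_policy, system_wide, current = {}, {}, None
    for raw in config_text.splitlines():
        line = raw.strip()  # tolerate output pasted with or without indentation
        m = re.match(r"group-policy (\S+) attributes$", line)
        if m:
            current = m.group(1)
            per_policy.setdefault(current, None)
            continue
        m = re.match(r"vpn-simultaneous-logins (\d+)$", line)
        if m and current is not None:
            per_policy[current] = int(m.group(1))  # limit per username
            continue
        m = re.match(r"vpn-sessiondb (max-\S+-limit) (\d+)$", line)
        if m:
            system_wide[m.group(1)] = int(m.group(2))  # whole appliance
            current = None
    return per_policy, system_wide

def audit(config_text, policy, user_count, wanted_cap,
          limit_key="max-other-vpn-limit"):
    """Compare the sessions a group can reach with the cap that is wanted."""
    per_policy, system_wide = parse_limits(config_text)
    per_user = per_policy.get(policy)
    if per_user is None:
        raise ValueError(f"no explicit vpn-simultaneous-logins for {policy!r}")
    ceiling = per_user * user_count  # every user logged in at the same time
    if limit_key in system_wide:
        ceiling = min(ceiling, system_wide[limit_key])
    return {"ceiling": ceiling, "cap_enforced": ceiling <= wanted_cap}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "3", user_count=10, wanted_cap=5))
```

With the posted settings the group can still reach 10 concurrent sessions. Lowering the vpn-sessiondb value to 5 would enforce the cap, but for every group on the appliance, which is the side effect the question wanted to avoid.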