cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
336
Views
0
Helpful
2
Replies

Why 3rd user of Anyconnect VPN disconnect the other user ? (Cisco ASAv)

Shlomy Maron
Cisco Employee
Cisco Employee

Hi,

I have Cisco ASAv, with the following license :

License mode: Smart Licensing
ASAv Platform License State: Licensed
Active entitlement: ASAv-STD-2G, enforce mode: Authorized
Licensed for maximum of 4 vCPUs

Licensed features for this platform:
Maximum VLANs : 200
Inside Hosts : Unlimited
Failover : Active/Standby
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 0
Carrier : Enabled
AnyConnect Premium Peers : 750
AnyConnect Essentials : Disabled
Other VPN Peers : 750
Total VPN Peers : 750
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 1000
Botnet Traffic Filter : Enabled
Cluster : Disabled

I have made VPN with the following configuration:

webvpn
enable OUTSIDE
default-idle-timeout 900
anyconnect image disk0:/anyconnect-win-4.5.01044-webdeploy-k9.pkg 1
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable

tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
address-pool POOL
default-group-policy VPN
tunnel-group VPN webvpn-attributes
group-alias SSL_USERS enable

group-policy VPN internal
group-policy VPN attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
ip-comp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT1
webvpn
anyconnect keep-installer installed
anyconnect dpd-interval client 30
anyconnect ask none default anyconnect
customization none

I can get up to 2 users connected at the same time, once a 3rd user is connected - one of the other two is being dropped.

any idea why ?

1 Accepted Solution

Accepted Solutions

Aditya Ganjoo
Cisco Employee
Cisco Employee

Hi,

Are you using the same username?

If yes, you need to check what is the vpn-simultaneous login number set to:

Under group-policy VPN attributes

vpn-simultaneous-logins <>--- You need to increase this number

If not, check the output of show run vpn-sessiondb for the anyconnect license usage.

You can check if it is set to 750 licenses or not.

You can increase the number by using the command:

vpn- sessiondb max-anyconnect-premium-or-essentials-limit 750

Regards,

Aditya

Please rate helpful and mark correct answers

View solution in original post

2 Replies 2

Aditya Ganjoo
Cisco Employee
Cisco Employee

Hi,

Are you using the same username?

If yes, you need to check what is the vpn-simultaneous login number set to:

Under group-policy VPN attributes

vpn-simultaneous-logins <>--- You need to increase this number

If not, check the output of show run vpn-sessiondb for the anyconnect license usage.

You can check if it is set to 750 licenses or not.

You can increase the number by using the command:

vpn- sessiondb max-anyconnect-premium-or-essentials-limit 750

Regards,

Aditya

Please rate helpful and mark correct answers

thank you ! 

I am using the same username - therefor I've added the command that you have recommended !

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers