Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
753
Views
0
Helpful
5
Replies

xAuth with Active Directory questions

nitass
Level 1
Level 1

‎09-18-2007 06:28 AM

I am configuring ASA to be IPSec gateway for remote access. I use xAuth with Active Directory. As I tested, two remote clients could use the same username and password for authentication. Would it be possible to disallow this behavior?

The other question is can I configure the maximum number of failed attempts? Now, it is 3.

Please advice.

Many thanks,

Nitass

Labels:
0 Helpful
5 Replies 5

schostag
Level 1
Level 1

‎09-18-2007 11:57 AM

On ASA 7.2(2), using ASDM 5.2, you can configure the number of simultaneous logins under Configuration -> VPN -> General -> Group Policy, select your group policy. It's a line item titled Simultaneous Logins.

0 Helpful

nitass
Level 1
Level 1
In response to schostag

‎09-18-2007 04:16 PM

I have tried but it seemed not to work. I am doubted what it exactly means. Would it be a maximum number of concurrent users for specific group policy (I thought because it applies on the group policy level)? Or Would it be a maximum number of concurrent users who log in with the same username and password?

Please advice.

Many thanks,

Nitass

0 Helpful

schostag
Level 1
Level 1
In response to nitass

‎09-19-2007 05:57 AM

It applies to all users connecting to that Group Policy. I've tried it with my configuration and it works.

I'm not sure how to lock down 1 user at at time, regardless of policy they connect to.

0 Helpful

nitass
Level 1
Level 1
In response to schostag

‎09-19-2007 06:06 AM

Hi Schostaq,

Thanks for your reply. I'm not sure what you meant. What's the simultaneous logins in group policy level that you've configured? Is it the maximum number of all concurrent users for that group policy? Or is it the maximum number of concurrent users which use the exactly same username and password? Could you please explain me a little bit more?

Many thanks,

Nitass

0 Helpful

schostag
Level 1
Level 1
In response to nitass

‎09-19-2007 06:29 AM

The simultaneous logins affects only that group policy. For instance on our DfltGrpPolicy users connect using the SSL VPN client. They can login three times simultaneously, the fourth time they will get a message stating they can't login.

If they connect to our ip-sec-tunnel policy, using the Cisco IPSec client, the 3 simultaneous logins for the DfltGrpPolicy don't apply, and they can login.

I don't know if there is a way to limit the number of users on the entire ASA, regardless of which group policy they connect to.

0 Helpful
Customers Also Viewed These Support Documents