SSL VPN !

Answered Question
Mar 22nd, 2007

Hi!

I am not really expert on troubleshooting of VPN connections. There is a question related with SSl VPN.

I have recently configured SSL VPN to our partner to get him accessed to internal WEB resources. I did it. Seems to be fine. But they are complaining about that can't keep the LAN and VPN connection simultaneously at their side. Is it normal for SSL VPN? Or?

thanks

I have this problem too.
0 votes
Correct Answer by h.parsons about 9 years 10 months ago

Under your group policy put the command: vpn-simultaneous-logins <0-2147483647> Maximum number of simultaneous logins allowed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
kaachary Thu, 03/22/2007 - 16:24

You might not have configured split tunnel. You need to configure split tunnel in the group on the headend device ( CVPN concentrator or ASA )

*Please rate if it helps.

-Kanishka

Leo_Stobbe Thu, 03/22/2007 - 22:34

I didn't get you...

Why do i need split-tunneling?

This is as i know for getting remote access vpn clinets to Internet through VPN-endpoint.

I tested myself

When i try to establish SSL VPN through the dial-up internet...I can connect and see the web servers, which is allowed through WEB VPN. But i can't go anywhere else in Internet.So i mean i want to use my dial-up internet simultaneously with ssl vpn.(not the corporate internet, through split-tunneling)

How can i do that?

kaachary Fri, 03/23/2007 - 03:04

That is not correct. Enabling Split tunnel means, only specific trafic will be tunneled, rest all other traffic(normal Internet traffic) will go through the client's ISP (in clear text).

Split tunneling is exactly opposite of what you are thinking it is to be.

To read more about split tunnel :

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00806f34fa.shtml

The doc is however for ipsec clients, but same applies to SSL clients as well.

*Please rate if helped.

-Kanishka

Leo_Stobbe Fri, 03/23/2007 - 04:31

Thanks, for information regarding the tunnel.

But if i create one username for WEB/SSL VPN,

is it possible that several users can use simultaneously this account? If not, how to do that?

kaachary Fri, 03/23/2007 - 05:07

On concentrator , Go to

Configuration-->Use Management--->Users-->Modify--->General

"Simultaneous Logins" option defines, how many simultaneous session can occur for this username.

*Please rate if helped.

-Kanishka

Correct Answer
h.parsons Fri, 03/23/2007 - 13:05

Under your group policy put the command: vpn-simultaneous-logins <0-2147483647> Maximum number of simultaneous logins allowed

balbaletabrez Sun, 02/14/2010 - 02:56

Hi can you share the SSL VPN configuration on ASA 5520.

As i intend to configure ASA 5520 for SSL.

Thanks

Tabrez

Actions

This Discussion