
Prioritizing client VPN connections

macloughs
Level 1

My risk dept is looking at swine flu pandemic planning and is wondering if certain users can have connections prioritized over the general remote access population.

Reducing the IP pool allocated to the general user and allocating addresses from a fixed pool is an option, but are there other options available? All users have the VPN client and connect to ASA 8.04.

Thanks

4 Replies

Danilo Dy
VIP Alumni

I don't know if there is such a feature. Anyway, once you have it, everybody will say their job is high priority. If there is a pandemic, everybody will be working remotely.

I think running out of IPs in the pool is not a problem if it is designed properly. Most RA VPN problems are bandwidth and license (for SSL).

hobbe
Level 7

What is it that you are trying to achieve?

That they get the bandwidth?

That they get a license?

What are you/they afraid of running out of?

If using RADIUS authentication, there are several things that you can do to limit a specific user. I do not, however, believe there is a prioritisation schedule where someone is more important than someone else.

How would it choose?

If one who is prioritised tries to log in and the licensing is already full, who should it kick out?

I can recommend checking out CRYPTOCard for authentication purposes if you do not have 2-factor authentication for the users.

Hi, thanks for your reply.

The proposal is that there will be a group identified who should get connected at all times in preference to a "normal worker". It's not a bandwidth issue. ACS RADIUS is used for the authentication. But as you say, how to prioritize? It's an effort to try to stop the manual kicking-out process.

I do not think there is a "real" way to actually do this. I came up with the same idea as you with the IP pools, but other than that it is only automated scripting I can think of that logs on to the firewall and keeps one line open at all times.

And I would not want to kick users out with scripts.

The other option would be to buy the critical people another firewall, or at least another way in.
