Disable VPN profiles in Cisco ASA 5550

Unanswered Question
Feb 11th, 2010

I need to disable approxematly 40 different VPN profiles in our ASA5550`s without deleting them (need the ability to quickly activate them again if needed).

I thought maybe i could disable IPSec for those profiles, but since the IPSec is an attribute for Group Policy, i cant do it - as many other profiles are sharing the same policy.

Is there any easy way to set these profiles inactive?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Snydersh1_2 Fri, 02/12/2010 - 05:24

I'm not much of a GUI person when it comes to Cisco but I would highly suggest using the ASDM interface for this.  Quickly displays

all the profiles and provides a 'checkbox' to enable or disable any of the profiles.

ncowger Fri, 10/12/2012 - 08:24

If you disable all of the remote access types (anyconnect, clientless, ipsec, etc.) it will still allow users to connect.  Instead you have to get on the CLI and go into the group policy "group-policy attributes"  then type "vpn-simultaneous-logins 0"

According to the command output below this should disable all logins:

VPN(config-group-policy)# vpn-simultaneous-logins ?

group-policy mode commands/options:

  <0-2147483647>  Maximum number of simultaneous logins allowed, enter 0 to

                  disable login and prevent user access

Note:  that doesn't disconnect the clients that are already connected.  You will have to do the following for the tunnel-group "vpn-sessiondb logoff tunnel-group "

Actions

This Discussion