Easy VPN, limited connection?

Jul 6th, 2010

Hi experts.


I have had Easy VPN configured on my 3845 router for over a year and everything is working fine. Yesterday I was given the following task.


Let's say I have the following configuration:


    crypto isa client config group userA
     key cisco123
     pool test
     acl test


Now let's say I have given this ID to 4 users; then all 4 of those users can log in using the same ID at the same time! I am asked to allow only one user to use this ID at a time. For example, if I am using this ID from home, no one else should be able to connect using this ID.


Please tell me how to do this.

Correct Answer by Marcin Latosiewicz about 6 years 9 months ago

John,


max-users parameter is what you're looking for.


http://cisco.biz/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_srvr_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Session Monitoring for VPN Group Access

It is possible to mimic the functionality provided by some RADIUS servers for limiting the maximum number of connections to a specific server group and also for limiting the number of simultaneous logins for users in that group. After user-defined thresholds are defined in each VPN group, connections will be denied until counts drop below these thresholds.

If you use a RADIUS server, such as CiscoSecure ACS, it is recommended that you enable this session control on the RADIUS server if the functionality is provided. In this way, usage can be controlled across a number of servers by one central repository. When enabling this feature on the router itself, only connections to groups on that specific device are monitored. Load-sharing scenarios are not accurately accounted for.

To configure session monitoring using command-line interface (CLI), use the crypto isakmp client configuration group command and the max-users and max-logins subcommands.

The following is an output example of RADIUS AV pairs that have been added to the relevant group:

ipsec:max-users=1000
ipsec:max-logins=1

Overall Rating: 5 (1 ratings)
Correct Answer
Marcin Latosiewicz Tue, 07/06/2010 - 08:57
User Badges:
  • Cisco Employee,


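The two limits from the answer applied to the asker's group, as an added example that is not part of the original thread or of Cisco's documentation. The group, pool and ACL names are the asker's; GROUP-KEY-PLACEHOLDER is a placeholder, and the per-user counting of max-logins is assumed to follow the username each client authenticates with.

```cisco
! Added example: session limits on the Easy VPN group from the question.
! GROUP-KEY-PLACEHOLDER stands in for the group pre-shared key.
crypto isakmp client configuration group userA
 key GROUP-KEY-PLACEHOLDER
 pool test
 acl test
 ! Cap on the total number of connections to this group on this router.
 ! With 1, a second client is denied until the first one disconnects.
 max-users 1
 ! Cap on simultaneous logins for each user in this group
 ! (assumption: counted per authenticated username).
 max-logins 1
!
! Both counters exist on this router only. With more than one Easy VPN
! server or with load sharing, set the same limits centrally as RADIUS
! AV pairs on the group profile, in the format shown in the answer:
!   ipsec:max-users=1
!   ipsec:max-logins=1
!
! To check which groups and users hold sessions after a client connects,
! run from privileged EXEC mode:
!   show crypto session group
!   show crypto session summary
```

If the people sharing this group each need their own concurrent session, raise max-users to the number of people and keep max-logins at 1.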