07-06-2010 08:02 AM
Hi experts.
I have easy vpn configured on my 3845 router for over a year period and everything is working fine. Yesterday i was given the following task
Lets say i have the following configuration
crypto isa client config group userA
key cisco123
pool test
acl test
Now lets say i have given this id to 4 users, then all those 4 users can log in using the same id at the same time !! i am asked to allow only one user to use this id at a time. Like if lets say i am using this ID from home, no one else should be able to connect using this id.
Pls tell me how to do this
Solved! Go to Solution.
07-06-2010 08:57 AM
John,
max-users parameter is what you're looking for.
It is possible to mimic the functionality provided by some RADIUS servers for limiting the maximum number of connections to a specific server group and also for limiting the number of simultaneous logins for users in that group. After user-defined thresholds are defined in each VPN group, connections will be denied until counts drop below these thresholds.
If you use a RADIUS server, such as CiscoSecure ACS, it is recommended that you enable this session control on the RADIUS server if the functionality is provided. In this way, usage can be controlled across a number of servers by one central repository. When enabling this feature on the router itself, only connections to groups on that specific device are monitored. Load-sharing scenarios are not accurately accounted for.
To configure session monitoring using command-line interface (CLI), use the crypto isakmp client configuration group command and the max-users and max-logins subcommands.
The following is an output example of RADIUS AV pairs that have been added to the relevant group:
ipsec:max-users=1000
ipsec:max-logins=1
07-06-2010 08:57 AM
John,
max-users parameter is what you're looking for.
It is possible to mimic the functionality provided by some RADIUS servers for limiting the maximum number of connections to a specific server group and also for limiting the number of simultaneous logins for users in that group. After user-defined thresholds are defined in each VPN group, connections will be denied until counts drop below these thresholds.
If you use a RADIUS server, such as CiscoSecure ACS, it is recommended that you enable this session control on the RADIUS server if the functionality is provided. In this way, usage can be controlled across a number of servers by one central repository. When enabling this feature on the router itself, only connections to groups on that specific device are monitored. Load-sharing scenarios are not accurately accounted for.
To configure session monitoring using command-line interface (CLI), use the crypto isakmp client configuration group command and the max-users and max-logins subcommands.
The following is an output example of RADIUS AV pairs that have been added to the relevant group:
ipsec:max-users=1000
ipsec:max-logins=1
07-09-2010 03:07 AM
Thanks alot Sir.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide