Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
960
Views
0
Helpful
4
Replies

Connection Limitation with same AD credential on ISE

Go to solution
alparslan islek
Level 1
Level 1

‎04-11-2014 09:17 AM - edited ‎03-10-2019 09:38 PM

Hi All,

I want that if A client has a successful connection - started session to company network with his/her domain account,he/she must not connect to network with same domain account from another device at same time.

I try to prevent connection more than one same time successful sessions with same domain credential from different devices.

thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ahmad Murad
Level 1
Level 1

‎04-15-2014 04:51 AM

Hi,

I already discussed this here, and also with Cisco local SE, and for the time being, the ISE does not have any mechanism to limit the number of sessions per username, this feature is only available for the guest users.

Also, we can have a workaround for this on Cisco WLC (Wireless) since the WLC has a feature to limit the number of sessions per username, and also you can limit the number of sessions on the ASA for the VPN access.

There is no workaround for the access switches, so you need to do a policy on the AD/Domain itself if applicable.

 

Thanks.

Ahmad.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎04-11-2014 09:53 AM

Are you looking to restrict access to only corporate assets and not allowing the same credentials authenticate against another device i.e. a smartphone? If so they you may want to consider the use of eap-tls where the certificate is issued to the workstation that the user is connecting from.

There isnt a feature that limits maximum simultaneous logins for internal users, that feature is only available on the guest side of ISE. I would recommend contacting cisco tac or your local rep to see if there is a feature that allows you to restrict the maximum logins that a corporate user can have on the network. This feature was available in ACS 4.2.

Thanks,

0 Helpful

Go to solution
kaaftab
Level 4
Level 4

‎04-14-2014 07:13 AM

In ISE 1.2 you can not restrict the number of simultaneous session may be in further release this feature might be offered and tarik is right using certificated you can narrow your connecting nodes.

0 Helpful

Go to solution
Ahmad Murad
Level 1
Level 1

‎04-15-2014 04:51 AM

Hi,

I already discussed this here, and also with Cisco local SE, and for the time being, the ISE does not have any mechanism to limit the number of sessions per username, this feature is only available for the guest users.

Also, we can have a workaround for this on Cisco WLC (Wireless) since the WLC has a feature to limit the number of sessions per username, and also you can limit the number of sessions on the ASA for the VPN access.

There is no workaround for the access switches, so you need to do a policy on the AD/Domain itself if applicable.

 

Thanks.

Ahmad.

0 Helpful

Go to solution
Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎04-16-2014 06:52 AM

Deploying EAP Chaining with AnyConnect  NAM and Cisco ISE

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf

0 Helpful
Customers Also Viewed These Support Documents