
ASA CUT-THROUGH PROXY CONCURRENT LOGIN

Hi all,

Does anybody know a method to limit a username login to only one per session? I mean that when user A logs in successfully, nobody else can log in with user A's username.

Any help would be appreciated.

Riko

5 REPLIES

Re: ASA CUT-THROUGH PROXY CONCURRENT LOGIN

Hi,

Which method of cut-through proxy authentication are you using? HTTP, FTP, Telnet?

Are you positive that after a user authenticates itself against the ASA, and it shows under 'sh uauth', another user can connect with the same credentials?

I haven't done the test, but I thought that while there was an entry in the uauth table, no other user can connect with the same credentials. Please verify this and if that's the case, post the output of 'show uauth'.

Federico.


Re: ASA CUT-THROUGH PROXY CONCURRENT LOGIN

Hi,

I am using cut-through proxy authentication for HTTP.

I can log on with the same user from 2 different PCs simultaneously, as shown below:

PIX# sh uauth
                             Current         Most Seen
Authenticated Users       2          2
Authen In Progress        0          1
user 'test' at 192.168.0.2, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
user 'test' at 192.168.0.3, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
PIX#

Any ideas?


Re: ASA CUT-THROUGH PROXY CONCURRENT LOGIN

I have found this:

To manually configure the uauth session limit by setting the maximum number of concurrent proxy connections allowed per user, use the aaa proxy-limit command in global configuration mode. To disable proxies, use the disable parameter. To return to the default proxy-limit value (16), use the no form of this command.

aaa proxy-limit (proxy_limit)

I will try this ASAP.

Riko


Re: ASA CUT-THROUGH PROXY CONCURRENT LOGIN

The command aaa proxy-limit did not resolve the problem: it concerns concurrent login attempts, not concurrent user sessions.

Re: ASA CUT-THROUGH PROXY CONCURRENT LOGIN

This is interesting. I know that if you're authenticating against another server, for instance ACS, you can set that up, but locally on the ASA I'm not sure.

ASA(config)# aaa local authentication attempts max-fail ?

configure mode commands/options:
  <1-16>  Specify the value for max failed attempts (1 - 16)

The previous command was for the number of tries given to a user.

To be able to limit the number of connections per user (using the local database of the ASA), I have not found an option.

I will try to check and get back to you.

Federico.
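
Added example (not part of the thread and not Cisco code): since no reply identifies a setting for the local database, one way to at least detect the condition is to parse 'show uauth' output in the format posted above and report every username authenticated from more than one source address. The function name, the `limit` parameter and the sample text (including the user 'alice') are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Entry line format as posted in the thread:
#   user 'test' at 192.168.0.2, authenticated
ENTRY = re.compile(r"^\s*user\s+'([^']+)'\s+at\s+(\d+\.\d+\.\d+\.\d+),\s+authenticated\b")

# Constructed sample in the thread's format; 'alice' is an invented second user.
SAMPLE = """\
PIX# sh uauth
                        Current    Most Seen
Authenticated Users       3          3
Authen In Progress        0          1
user 'test' at 192.168.0.2, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
user 'test' at 192.168.0.3, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
user 'alice' at 192.168.0.10, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
PIX#
"""

def concurrent_uauth_users(text, limit=1):
    """Map each username authenticated from more than `limit` distinct
    source addresses to its sorted list of addresses."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # prompt, counters and timeout lines
        try:
            seen[m.group(1)].add(ipaddress.IPv4Address(m.group(2)))
        except ipaddress.AddressValueError:
            continue  # not a valid dotted quad; ignore the entry
    return {
        user: [str(a) for a in sorted(addrs)]
        for user, addrs in seen.items()
        if len(addrs) > limit
    }

if __name__ == "__main__":
    for user, addrs in concurrent_uauth_users(SAMPLE).items():
        print(f"user {user!r} authenticated from {len(addrs)} addresses: {', '.join(addrs)}")
```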
