Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Prioritizing client VPN connections

my risk dept is looking at swine flu pandemic planning and is wondering if certain users can have connections prioritized over the general remote access population.

Reducing the IP pool allocated to the general user and allocating addresses from a fixed pool is an option but are there other options available. All users have the VPN client and connect to ASA 8.04



Re: Prioritizing client VPN connections

I don't know if there is such feature. Anyway, once you have it, everybody will say their job is high priority. If there is a pandemic, everybody will be working remotely.

I think running out of IP in the pool is not a problem if it is designed properly. Most RA VPN problem is bandwidth and license (for SSL).


Re: Prioritizing client VPN connections

what is it that you are trying to achieve ?

that they get the bandwith ?

that they get a license ?

what are you/they afraid of running out of ?

if using radius authentication there are several things that you can do to limit a specific user. i do not however believe there are a prioritasion schedule that someone is more important than someone else.

how would it choose ?

if one who is prioritised tries to log in and the licensing is already full, who should it kick out ?

I can recomend checking out cryptocard for authentication purposes if you do not have 2 factor authentication for the users.

New Member

Re: Prioritizing client VPN connections

Hi Thanks for your reply.

The proposal is that there will be a group identified who should get connected at all times in preference to a "normal worker??" Its not a bandwidth issue. ACS Radius is used for the authentication. But as you say. how to prioritize? Its an effort to try to stop the manual kicking out process


Re: Prioritizing client VPN connections

I do not think there is a "real" way to actually do this. i came up with the same idea as you with the ip pools, but other than that it is only automated scripting I can tink of that logs on to the firewall and keeps one line open at all times.

and I would not want to kick users out with scripts.

the other option would be to buy the critical people another firewall or atleast another way in.

CreatePlease login to create content