Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Silver

Cisco Router AnyConnect VPN in Router - How to Limit Concurrent Logins?

Hi everyone,

Just as the question say.
My AnyConnect VPN is working. However, I am having trouble on how to limit concurrent logins.
With my current setup, if the end users knows, they can pretty much connect with just one username.

I want limit this, that once the user is logged in. It cannot be used by another.
As far as i know, the old VPN Client has a command 'max-logins' pretty handy. However, for the AnyConnect part, I cant seem to find it :D

Thanks for the replies in advance! :D

Everyone's tags (6)
5 REPLIES

In your  group-policy

In your  group-policy definition, add the following line:

vpn-simultaneous-logins 1

That should cover it.

Silver

Hi Jody,Thanks for the reply,

Hi Jody,

Thanks for the reply, but sadly that commands is for the ASA
The config I am talking about is for the Cisco IOS Router :D

hi,try max-users under webvpn

hi,

try max-users under webvpn context command:

webvpn context MY-CONTEXT

max-users <number>

Silver

Hi John,I think the 'max

Hi John,

I think the 'max-users' command tells the router how many vpn sessions it will accept, not the concurrent logins it limits.

So that means if i configured 'max-users 1' it will only accept one VPN connection and if someone tries to connect even if he has a different username. It wont work 

It looks like this is already

It looks like this is already being covered in another question:

https://supportforums.cisco.com/discussion/12259426/ssl-vpn-cisco-router-anyconnect-config-how-limit-concurrent-logins

Apparently there is a feature request (CSCuj25736) for this that hasn't been fulfilled yet.

One tricky workaround that might work is to assign a fixed IP address for each user. The second user logging in with the same credentials will error out because the IP address is already in use. This won't work with local authentication to the best of my knowledge, but shouldn't be too difficult to do if you're authenticating off of a RADIUS server.

1485
Views
0
Helpful
5
Replies
CreatePlease to create content