Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Disable VPN profiles in Cisco ASA 5550

I need to disable approxematly 40 different VPN profiles in our ASA5550`s without deleting them (need the ability to quickly activate them again if needed).

I thought maybe i could disable IPSec for those profiles, but since the IPSec is an attribute for Group Policy, i cant do it - as many other profiles are sharing the same policy.

Is there any easy way to set these profiles inactive?

Community Member

Re: Disable VPN profiles in Cisco ASA 5550

I'm not much of a GUI person when it comes to Cisco but I would highly suggest using the ASDM interface for this.  Quickly displays

all the profiles and provides a 'checkbox' to enable or disable any of the profiles.

Community Member

Disable VPN profiles in Cisco ASA 5550

If you disable all of the remote access types (anyconnect, clientless, ipsec, etc.) it will still allow users to connect.  Instead you have to get on the CLI and go into the group policy "group-policy attributes"  then type "vpn-simultaneous-logins 0"

According to the command output below this should disable all logins:

VPN(config-group-policy)# vpn-simultaneous-logins ?

group-policy mode commands/options:

  <0-2147483647>  Maximum number of simultaneous logins allowed, enter 0 to

                  disable login and prevent user access

Note:  that doesn't disconnect the clients that are already connected.  You will have to do the following for the tunnel-group "vpn-sessiondb logoff tunnel-group "

Community Member

it is working well, thank you

it is working well, thank you.

but i configure it under user not group.

CreatePlease to create content