11-13-2014 08:26 AM
Hi Team,
I am unable to connect Cisco Anyconnect VPN, what I have observed that, except me everyone able to connect.
The below are the logs from syslog server.
2014-11-13T13:57:30+01:00 1.1.1.1 %ASA-6-113004: AAA user authentication Successful : server = 5.5.5.5 : user = rockline@xxx.com
2014-11-13T13:57:30+01:00 1.1.1.1 %ASA-6-113009: AAA retrieved default group policy (CiscoAC) for user = rockline@xxx.com
2014-11-13T13:57:30+01:00 1.1.1.1 %ASA-6-113008: AAA transaction status ACCEPT : user = rockline@xxx.com
2014-11-13T13:57:30+01:00 1.1.1.1 %ASA-4-113029: Group <CiscoAC> User <rockline@xxx.com> IP <2.2.2.2> Session could not be established: session limit of 4 reached.
2014-11-13T13:57:30+01:00 1.1.1.1 %ASA-4-113038: Group <CiscoAC> User <rockline@xxx.com> IP <2.2.2.2> Unable to create AnyConnect parent session.
2014-11-13T13:57:30+01:00 1.1.1.1 %ASA-6-725007: SSL session with client outside:2.2.2.2/58735 terminated
Looking forward for your response.
Thanks.
11-13-2014 06:50 PM
It sounds like you are using AnyConnect Premium with an HA pair of ASAs each with two free licenses. Any user currently connected via an SSL VPN connection will use one of those licenses. The 5th user would result in the message you show above. IPsec VPN clients would not count against that total.
08-09-2017 03:27 PM
In my case it turned out that the vpn session was not terminating after disconnect, so users were having multiple sessions. Check in ASDM > Monitoring. Look at AnyConnect sessions and disconnect them. We are looking at away to disconnect idle sessions. I think I saw it set to never somewhere.
08-09-2017 07:55 PM
This thread is 3 years old but - yes - you can set idle timeout.
The following example shows how set a vpn-idle-timeout of 10 minutes, and to decrease the default-idle-timeout to 1200 seconds (20 minutes):
hostname(config)# group-policy telecommuters attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# vpn-idle-timeout 10
hostname(config-group-webvpn)# default-idle-timeout 1200
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_anyconnect.html#wp1119393
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: