I am configuring an ASA to be an IPSec gateway for remote access. I use xAuth with Active Directory. As I tested, two remote clients could use the same username and password for authentication. Would it be possible to disallow this behavior?
The other question is can I configure the maximum number of failed attempts? Now, it is 3.
On ASA 7.2(2), using ASDM 5.2, you can configure the number of simultaneous logins under Configuration -> VPN -> General -> Group Policy, select your group policy. It's a line item titled Simultaneous Logins.
I have tried, but it did not seem to work. I am in doubt about what exactly it means. Would it be a maximum number of concurrent users for a specific group policy (I thought so because it applies at the group policy level)? Or would it be a maximum number of concurrent users who log in with the same username and password?
Thanks for your reply. I'm not sure what you meant. What are the simultaneous logins at the group policy level that you've configured? Is it the maximum number of all concurrent users for that group policy? Or is it the maximum number of concurrent users who use exactly the same username and password? Could you please explain a little bit more?
The simultaneous logins setting affects only that group policy. For instance, on our DfltGrpPolicy, users connect using the SSL VPN client. They can log in three times simultaneously; the fourth time they will get a message stating they can't log in.
If they connect to our ip-sec-tunnel policy, using the Cisco IPSec client, the 3 simultaneous logins for the DfltGrpPolicy don't apply, and they can log in.
I don't know if there is a way to limit the number of users on the entire ASA, regardless of which group policy they connect to.
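The ASDM "Simultaneous Logins" item discussed in this thread corresponds to the `vpn-simultaneous-logins` command in group-policy attributes mode. The fragment below is an added example, not configuration posted by anyone in the thread; it reuses the two policy names mentioned above and assumes `ip-sec-tunnel` is an internal group policy used by the IPSec remote-access tunnel group.

```cisco
! Added example: per-group-policy simultaneous login limits.
! The value is the number of concurrent sessions allowed for one username
! under that policy, not a cap on total users in the group.

! SSL VPN users on the default policy: three sessions per username,
! matching the behaviour described in the thread.
group-policy DfltGrpPolicy attributes
 vpn-simultaneous-logins 3

! IPSec remote-access users: one session per username, so a second client
! presenting the same xAuth credentials is refused.
! Assumption: this policy already exists as an internal group policy.
group-policy ip-sec-tunnel attributes
 vpn-simultaneous-logins 1

! Verify on ASA 7.2: list active remote-access sessions and check that no
! username appears more often than its policy allows.
show vpn-sessiondb remote
```

Because the limit is evaluated per group policy, each policy that remote users can land in needs its own value; a policy left at the inherited default still allows multiple sessions per username.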