Cisco Bug: CSCsz37164 - "vpn-simultaneous-logins 0" does not prevent user access in all cases
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: The documentation for the vpn-simultaneous-logins command (http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1572279) states: "Enter 0 to disable login and prevent user access". However, under some circumstances "vpn-simultaneous-logins 0" does not prevent user access. For example, suppose there are two tunnel groups associated with different group policies, and one of the tunnel groups has been disabled by way of "vpn-simultaneous-logins 0" in that tunnel group's associated group policy. If user A logs in using tunnel group A, the same user A will be able to log in using tunnel group B even if this group has "vpn-simultaneous-logins 0".

Conditions: A tunnel group has been disabled by way of the "vpn-simultaneous-logins 0" command, and the same user that is currently logged in using a non-disabled tunnel group attempts to log into the tunnel group that is disabled.
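To find where the condition above applies on a given device, the following added example (not part of Cisco's bug record) reads an ASA running configuration and lists the tunnel groups whose group policy sets "vpn-simultaneous-logins 0", alongside the tunnel groups that remain enabled. The configuration text and the names in it (TG-STAFF, GP-RETIRED and so on) are constructed, and the handling of DfltGrpPolicy is an assumption marked in the comments.

```python
import re
# Constructed sample of an ASA running configuration (all names are hypothetical).
SAMPLE_CONFIG = """\
group-policy GP-STAFF internal
group-policy GP-STAFF attributes
 vpn-simultaneous-logins 3
group-policy GP-RETIRED internal
group-policy GP-RETIRED attributes
 vpn-simultaneous-logins 0
tunnel-group TG-STAFF type remote-access
tunnel-group TG-STAFF general-attributes
 default-group-policy GP-STAFF
tunnel-group TG-RETIRED type remote-access
tunnel-group TG-RETIRED general-attributes
 default-group-policy GP-RETIRED
tunnel-group TG-LAB type remote-access
"""

def parse(config):
    """Return ({policy: login limit}, {tunnel group: policy name})."""
    limits, groups, ctx = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"group-policy (\S+) attributes", line):
            ctx = ("policy", m.group(1))
        elif m := re.match(r"tunnel-group (\S+) (\S+)", line):
            # Assumption: no default-group-policy line means DfltGrpPolicy is used.
            groups.setdefault(m.group(1), "DfltGrpPolicy")
            ctx = ("tunnel", m.group(1)) if m.group(2) == "general-attributes" else None
        elif not line.startswith(" "):
            ctx = None  # any other top-level command ends the current sub-mode
        elif ctx and ctx[0] == "policy" and (m := re.match(r" vpn-simultaneous-logins (\d+)", line)):
            limits[ctx[1]] = int(m.group(1))
        elif ctx and ctx[0] == "tunnel" and (m := re.match(r" default-group-policy (\S+)", line)):
            groups[ctx[1]] = m.group(1)
    return limits, groups

def audit(config):
    """Split tunnel groups into those disabled only by a 0 login limit and the rest."""
    limits, groups = parse(config)
    # Assumption: a policy without its own limit inherits the DfltGrpPolicy value.
    inherited = limits.get("DfltGrpPolicy")
    disabled = sorted(g for g, p in groups.items() if limits.get(p, inherited) == 0)
    enabled = sorted(g for g in groups if g not in disabled)
    # The bug's condition needs both a group disabled this way and an enabled one.
    return {"disabled_by_zero": disabled, "enabled": enabled,
            "exposed": bool(disabled and enabled)}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
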