Cisco Bug: CSCsz37164 - "vpn-simultaneous-logins 0" does not prevent user access in all cases

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.0(4)

Description (partial)

Symptom:

The documentation for the vpn-simultaneous-logins command
(http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1572279)
states:

"Enter 0 to disable login and prevent user access"

However, under some circumstances "vpn-simultaneous-logins 0" does
not prevent user access. For example, suppose two tunnel groups are
associated with different group policies, and tunnel group B has been
disabled by way of "vpn-simultaneous-logins 0" in its associated group
policy. If user A logs in using tunnel group A, the same user A will
still be able to log in using tunnel group B, even though that group
has "vpn-simultaneous-logins 0".

Conditions:

A tunnel group has been disabled by way of the "vpn-simultaneous-logins
0" command, and a user who is currently logged in using a non-disabled
tunnel group attempts to log into the disabled tunnel group.
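
The following audit sketch is an added example, not part of Cisco's bug record. It scans an ASA running-config for tunnel groups whose default group policy sets "vpn-simultaneous-logins 0", that is, the groups whose disabled state depends on the behaviour described above. The sample configuration and the names in it (TG-A, TG-B, GP-OPEN, GP-DISABLED) are constructed.

```python
import re

# Constructed sample running-config; all names are illustrative assumptions.
SAMPLE_CONFIG = """\
group-policy GP-OPEN internal
group-policy GP-OPEN attributes
 vpn-simultaneous-logins 3
group-policy GP-DISABLED internal
group-policy GP-DISABLED attributes
 vpn-simultaneous-logins 0
tunnel-group TG-A type remote-access
tunnel-group TG-A general-attributes
 default-group-policy GP-OPEN
tunnel-group TG-B type remote-access
tunnel-group TG-B general-attributes
 default-group-policy GP-DISABLED
"""

def parse_sections(config):
    """Map each top-level config line to its indented sub-commands."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if current is not None:
                sections[current].append(line.strip())
        else:
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def groups_disabled_by_login_limit(config):
    """Return {tunnel_group: policy} where the policy sets vpn-simultaneous-logins 0."""
    sections = parse_sections(config)
    zero_policies = set()
    for header, body in sections.items():
        m = re.fullmatch(r"group-policy (\S+) attributes", header)
        if m and "vpn-simultaneous-logins 0" in body:
            zero_policies.add(m.group(1))
    flagged = {}
    for header, body in sections.items():
        m = re.fullmatch(r"tunnel-group (\S+) general-attributes", header)
        for cmd in (body if m else []):
            p = re.fullmatch(r"default-group-policy (\S+)", cmd)
            if p and p.group(1) in zero_policies:
                flagged[m.group(1)] = p.group(1)
    return flagged
```

The check follows only default-group-policy assignments in the tunnel group; group policies assigned per user or by an AAA server are outside what it inspects.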