Guest

Preview Tool

Cisco Bug: CSCvv68330 - ENH: Option to disconnect VPN session based on Group Policy

Last Modified

Sep 23, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.14(1.19)

Description (partial)

Symptom:
For certain cases where customers are using AnyConnect, there are scenarios where there is only one connection profile or tunnel-group configured but there might be multiple group policies.
Group policy assignment might be through a RADIUS server or through a LDAP Attribute map.
But we do not have the option to disconnect a session using the group policy (in case there are changes made to a group policy which need reconnection from all users of that particular group policy). The only suitable options left are to disconnect users on the base of the Username (which takes a long time if the customer has 1000's of users) or using the tunnel group (which will disconnect all users).

We need to have a CLI which allows us to clear the VPN sessions of users getting assigned a particular group policy (A CLI similar to the tunnel group option we currently have).

Conditions:
Using RA VPN with a single connection profile and multiple group policies and need to disconnect users of a specific group policy.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.