Solved

Not able to add a new user to a Cisco VPN Concentrator 3005

Posted on 2008-06-23
11
1,073 Views
Last Modified: 2012-08-14
I have a cisco 3005 concentrator with 146 users.
When I try to add a new user i get the following error.
Unable to set user name (Too Many Entries Error. Delete an entry before adding a new one).

Is this correct?

Can I only add 146 user in total to a VPN 3005 running on version 4.1.7.E .
Also were is the location for total numer of users allowed?

Please help
0
Comment
Question by:Rnetmaster
  • 5
  • 4
  • 2
11 Comments
 
LVL 9

Expert Comment

by:trinak96
ID: 21854045
Hi,
Have a look here : http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/product_data_sheet09186a00801d3b56.html

The model comparison table just over half way down.

Maximum number of ipsec users = 200, but read the caveat on memory etc....
0
 

Author Comment

by:Rnetmaster
ID: 21855138
I see the Cisco article and model comparison. Its speaks about 200 simultaneous users. I am guessing this is refering to active logged in VPN IPSEC users. The 3005 unit  we have has 64MB of RAM installed. I dont see any reference to adding local user accounts based on installed memory.

Am I reading it wrong here???

0
 
LVL 9

Expert Comment

by:trinak96
ID: 21856246
OK, I see what you mean.....have you any other VPN configuration on the box, site-site etc...?
0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21859082
Do you have alot of groups?  Each group takes up one of these slots..
0
 

Author Comment

by:Rnetmaster
ID: 21859675
OK

I have 146 local users
I have 1 Lan to Lan Tunnel
i have 5 groups including the base group


VPN-Error.doc
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21860051
Well, so you have used your 150 slots you have for a 3005.
0
 

Author Comment

by:Rnetmaster
ID: 21860168
I am not sure were you get 150 total slots allowed?
Are we counting the 50 and 100 below as a total count?

Simultaneous IPsec users 200
Simultaneous SSL VPN (Clientless) Users** 50
Maximum LAN-to-LAN Sessions 100

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/product_data_sheet09186a00801d3b56.html
0
 
LVL 15

Accepted Solution

by:
Voltz-dk earned 500 total points
ID: 21860224
That is simultaneous users, not capacity of the local user database.  If you open the help and click user management, you'll see a table where it tells how many users/groups you can define locally.  (It actually hasn't been updated, so it will tell you limit is 100 which it used to be.)

So how would you get more connections that you have users?  By using external authentication, say RADIUS.  Which is also what they suggest for a large amount of users.

You can also check it out in the online version:

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/Usermgt.html#wp1685274
0
 

Author Comment

by:Rnetmaster
ID: 21860586
I see the chart, so your saying the table is incorrect and the actual amount is now 150 and not 100.
So Radius is the way to go, or upgrade to a 3020 correct?

Table 8-1 Maximum Number of Groups and Users for the Internal Authentication Server VPN Concentrator Model
 Maximum Number of Groups and Users (Combined)
 
3005 100
3015 100
3020 500
3030 500
3060 1000
3080 1000
0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21860788
Ya, RADIUS is a good idea.  As for upgrading, I wouldn't upgrade to another 3000-series unless it was very cheap, since they are past end-of-life.  (At least the announcement).

And I've actually never seen a 3020, wonder if those got retired earlier..  Could just be random chance though.
0
 

Author Closing Comment

by:Rnetmaster
ID: 31469875
Thanks for your help!!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now