Solved

Not able to add a new user to a Cisco VPN Concentrator 3005

Posted on 2008-06-23
11
1,092 Views
Last Modified: 2012-08-14
I have a cisco 3005 concentrator with 146 users.
When I try to add a new user i get the following error.
Unable to set user name (Too Many Entries Error. Delete an entry before adding a new one).

Is this correct?

Can I only add 146 user in total to a VPN 3005 running on version 4.1.7.E .
Also were is the location for total numer of users allowed?

Please help
0
Comment
Question by:Rnetmaster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 9

Expert Comment

by:trinak96
ID: 21854045
Hi,
Have a look here : http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/product_data_sheet09186a00801d3b56.html

The model comparison table just over half way down.

Maximum number of ipsec users = 200, but read the caveat on memory etc....
0
 

Author Comment

by:Rnetmaster
ID: 21855138
I see the Cisco article and model comparison. Its speaks about 200 simultaneous users. I am guessing this is refering to active logged in VPN IPSEC users. The 3005 unit  we have has 64MB of RAM installed. I dont see any reference to adding local user accounts based on installed memory.

Am I reading it wrong here???

0
 
LVL 9

Expert Comment

by:trinak96
ID: 21856246
OK, I see what you mean.....have you any other VPN configuration on the box, site-site etc...?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21859082
Do you have alot of groups?  Each group takes up one of these slots..
0
 

Author Comment

by:Rnetmaster
ID: 21859675
OK

I have 146 local users
I have 1 Lan to Lan Tunnel
i have 5 groups including the base group


VPN-Error.doc
0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21860051
Well, so you have used your 150 slots you have for a 3005.
0
 

Author Comment

by:Rnetmaster
ID: 21860168
I am not sure were you get 150 total slots allowed?
Are we counting the 50 and 100 below as a total count?

Simultaneous IPsec users 200
Simultaneous SSL VPN (Clientless) Users** 50
Maximum LAN-to-LAN Sessions 100

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/product_data_sheet09186a00801d3b56.html
0
 
LVL 15

Accepted Solution

by:
Voltz-dk earned 500 total points
ID: 21860224
That is simultaneous users, not capacity of the local user database.  If you open the help and click user management, you'll see a table where it tells how many users/groups you can define locally.  (It actually hasn't been updated, so it will tell you limit is 100 which it used to be.)

So how would you get more connections that you have users?  By using external authentication, say RADIUS.  Which is also what they suggest for a large amount of users.

You can also check it out in the online version:

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/Usermgt.html#wp1685274
0
 

Author Comment

by:Rnetmaster
ID: 21860586
I see the chart, so your saying the table is incorrect and the actual amount is now 150 and not 100.
So Radius is the way to go, or upgrade to a 3020 correct?

Table 8-1 Maximum Number of Groups and Users for the Internal Authentication Server VPN Concentrator Model
 Maximum Number of Groups and Users (Combined)
 
3005 100
3015 100
3020 500
3030 500
3060 1000
3080 1000
0
 
LVL 15

Expert Comment

by:Voltz-dk
ID: 21860788
Ya, RADIUS is a good idea.  As for upgrading, I wouldn't upgrade to another 3000-series unless it was very cheap, since they are past end-of-life.  (At least the announcement).

And I've actually never seen a 3020, wonder if those got retired earlier..  Could just be random chance though.
0
 

Author Closing Comment

by:Rnetmaster
ID: 31469875
Thanks for your help!!
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question