Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 791
  • Last Modified:

How to configure IAS in Server 2003 to configure a Radius server for use with Cisco VPN Concentrators

Currently I have a three Cisco VPN Concentrators that are load balanced.  I have a Windows 2003 server for my Radius server.  This allows users to log in to the Cisco VPN Client with their Active Directory User name and password.  This is my question.  Is there anywhere in the Cisco Concentrator or the IAS Server that will allow for example "John Doe" to only be able to log in once.  What I'm trying to prevent is the same user logging in multiple times.  When I look in the concentrator and go to the general tab of the group, there is an option for Simultaneous Logins, but this is for simultaneous logins for this group, not per user.  Is there a way to accomplish what I am trying to do?  Thanks.
0
denver218
Asked:
denver218
  • 2
  • 2
1 Solution
 
mikegattiCommented:
inside your default group policy you can add the command:

group-policy DfltGrpPolicy attributes
 vpn-simultaneous-logins 1

that should stop users from simultaneous logins

Also, on the IAS side there is nothing to do (as far as I know), we are evaluating replacing our RADIUS solution with CISCO ACS, OCS RADIATOR or another vendor.

-------------------------------------
vpn-simultaneous-logins

To configure the number of simultaneous logins permitted for a user, use the vpn-simultaneous-logins command in group-policy configuration mode or username configuration mode. To remove the attribute from the running configuration, use the no form of this command. This option allows inheritance of a value from another group policy. Enter 0 to disable login and prevent user access.


http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/uz_72.html#wp1413067


0
 
denver218Author Commented:
Thanks but this seems to be for a ASA.  I'm am using a cisco VPN concentrator 3060.
0
 
mikegattiCommented:
No problem, navigate Configuration>User Managemtn>Groups, select a group in the list and click on  on modify group, click the General tab of you vpn group,  there is an option Simultaneous Logins, you can set that option to 1. Or you can go in your Base group and set that option to 1 and it will apply to all groups
0
 
denver218Author Commented:
Thanks
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now