Re: Multiple logins

Valdas_ · ‎08-25-2008

Hi,

I have group of developers who is using few machines to do development and they need to have network connect access to few servers at the same time. How could i allow same user id to loggin from multiple locations to SSL VPN

Thanks

Message Edited by Valdas on 08-25-2008 08:44 AM

kenlars_ · ‎08-25-2008

It's not clear what you are looking for.

Do you want all of these developers to share a single ID? If so, why?

Or, do you want each of them, when they log on, to be able to access multiple servers? If this is the case, this should be simple using NC.

Valdas_ · ‎08-25-2008

All developers have they own user id, but they have multiple development machines and they need to able to login to ssl vpn from these machines at the same time. When they login to one they getting kicked out from other one.

imtravis_ · ‎08-25-2008

I believe it doesn't allow the same user to log in multiple times for security reasons. I believe you'd need to create seperate accounts for each login.

filemaniac_ · ‎08-25-2008

imtravis is right. We've had the same situation and ended up creating multiple logins for the same user for just this purpose.

Jickfoo_ · ‎08-26-2008

Is that true even if you create a duplicate realm/URL for logging in ?

in other words...

REALM1, uses AD1 AAA Server, at URL https://login1.company.com

and

REALM2, uses AD1 AAA Server, at URL https://login2.company.com

kind of a hack but just curious if that would work.

Valdas_ · ‎08-26-2008

Jickfoo, I tried

it does not work. SSL VPN complains that user already logged in. To have multiple logins for eache developer we getting to the problem that we do not have enough licenses for everybody......so I guess cisco vpn is staying for much longer that we expected.

kenlars_ · ‎08-26-2008

Licensing is based on the number of concurrent sessions. I think each instance of a user logon active at any given time would count toward the total even if you could use the same ID for all sessions for one developer. So you need as many licenses as you expect concurrent users.

Jickfoo_ · ‎08-26-2008

bummer.. multiple id's or alternate VPN I guess is the only solution.

Do you have a duplicate DC ? What if you pointed the other realm to that. Or use Kerberos instead of LDAP for the other realm? If it makes you feel any better we cant get rid of our Contivity VPN for similar issues.

kenlars_ · ‎08-26-2008

Here is something I use to solve a different problem - maybe you can find a way to use something like it.

I use the custom sign-in pages to for a specific realm to add a suffix to the user ID, so that user "999999999" becomes user 999999999@SSLVPN. I then forward the authentication request to my Radius server, which strips off the "@SSLVPN" before doing the authentication. That way, the SA thinks that ID "999999999" is different than user 999999999@SSLVPN.

Another thought, but one which might be a real kluge, is to use IVS to create multiple identical IVSs. It has to be possible for the same ID to be used in different IVSs.