Cisco ASA 5505 Configuration Manual page 1319


Chapter 64
General VPN Setup
Simultaneous Logins—Specifies the maximum number of simultaneous logins allowed for this user. The default value is 3. The minimum value is 0, which disables login and prevents user access.

Note: While there is no maximum limit, allowing several simultaneous connections might compromise security and affect performance.

Restrict Access to VLAN—(Optional) Also called "VLAN mapping," this parameter specifies the egress VLAN interface for sessions to which this group policy applies. The adaptive security appliance forwards all traffic on this group to the selected VLAN. Use this attribute to assign a VLAN to the group policy to simplify access control. Assigning a value to this attribute is an alternative to using ACLs to filter traffic on a session. In addition to the default value (Unrestricted), the drop-down list shows only the VLANs that are configured on this adaptive security appliance.

Note: This feature works for HTTP connections, but not for FTP and CIFS.

Connection Profile (Tunnel Group) Lock—This parameter permits remote VPN access only with the selected connection profile (tunnel group), and prevents access with a different connection profile. The default inherited value is None.

Maximum Connect Time—If the Inherit check box is not checked, this parameter specifies the maximum user connection time in minutes. At the end of this time, the system terminates the connection. The minimum is 1 minute, and the maximum is 35791394 minutes (over 4000 years). To allow unlimited connection time, check Unlimited (the default).

Idle Timeout—If the Inherit check box is not checked, this parameter specifies this user's idle timeout period in minutes. If there is no communication activity on the user connection in this period, the system terminates the connection. The minimum time is 1 minute, and the maximum time is 10080 minutes. The default is 30 minutes. To allow unlimited connection time, check Unlimited. This value does not apply to Clientless SSL VPN users.

On smart card removal—With the default option, Disconnect, the client tears down the connection if the smart card used for authentication is removed. Click Keep the connection if you do not want to require users to keep their smart cards in the computer for the duration of the connection.

Web ACL—(Clientless SSL VPN only) Choose an access control list (ACL) from the drop-down list if you want to filter traffic. Click Manage next to the list if you want to view, modify, add, or remove ACLs before making a selection.

Manage—Displays the ACL Manager dialog box, with which you can add, edit, and delete Access Control Lists (ACLs) and Extended Access Control Lists (ACEs). For more information about the ACL Manager, see the online Help for that dialog box.

Modes
The following table shows the modes in which this feature is available:

Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)

OL-20339-01
Cisco ASA 5500 Series Configuration Guide using ASDM
Group Policies
64-9
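The group policy attributes described above can be reviewed in bulk from a saved configuration. The following Python sketch is an added example, not part of the Cisco guide: it assumes the ASA CLI keywords that correspond to these ASDM fields (vpn-simultaneous-logins, vpn-idle-timeout, vpn-session-timeout, group-lock, smartcard-removal-disconnect), a constructed sample configuration, and a review threshold of 3 logins taken from the default on this page.

```python
import re

# Constructed sample, in the style of "show running-config group-policy" output.
SAMPLE_CONFIG = """\
group-policy SALES internal
group-policy SALES attributes
 vpn-simultaneous-logins 10
 vpn-idle-timeout none
 group-lock value SALES-PROFILE
group-policy ENG internal
group-policy ENG attributes
 vpn-simultaneous-logins 1
 vpn-idle-timeout 30
 vpn-session-timeout none
 smartcard-removal-disconnect disable
"""

MAX_LOGINS = 3  # assumed review threshold: the default value given on this page

def parse_group_policies(config):
    """Return {policy name: {attribute keyword: rest of line}}."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), {})
        elif line.startswith(" ") and current is not None:
            keyword, _, value = line.strip().partition(" ")
            current[keyword] = value
        else:
            current = None  # any other top-level line ends the block
    return policies

def audit(policies):
    """Return sorted (policy, finding) pairs for settings this page cautions about."""
    findings = []
    for name, attrs in policies.items():
        logins = attrs.get("vpn-simultaneous-logins")
        if logins is not None and int(logins) > MAX_LOGINS:
            findings.append((name, f"simultaneous logins {logins} > {MAX_LOGINS}"))
        for key, label in (("vpn-idle-timeout", "idle timeout"),
                           ("vpn-session-timeout", "maximum connect time")):
            if attrs.get(key) == "none":
                findings.append((name, f"{label} unlimited"))
        if "group-lock" not in attrs:
            # An attribute absent from the block is inherited, so check the parent too.
            findings.append((name, "connection profile lock not set (inherited)"))
        if attrs.get("smartcard-removal-disconnect") == "disable":
            findings.append((name, "connection kept on smart card removal"))
    return sorted(findings)
```

Calling audit(parse_group_policies(SAMPLE_CONFIG)) returns the findings per policy; an attribute that is missing from a block is inherited, so the parent or default group policy decides its effective value.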
