Configuring connection profiles, Maximum connection profiles – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring Connection Profiles

The following sections describe the contents and configuration of connection profiles:

Maximum Connection Profiles

Default IPsec Remote Access Connection Profile Configuration

Specifying a Name and Type for the Remote Access Connection Profile

Configuring Remote-Access Connection Profiles

Configuring LAN-to-LAN Connection Profiles

Configuring Connection Profiles for Clientless SSL VPN Sessions

Customizing Login Windows for Users of Clientless SSL VPN sessions

Configuring the Connection Profile for RADIUS/SDI Message Support for the AnyConnect Client

You can modify the default connection profiles, and you can configure a new connection profile as any
of the three tunnel-group types. If you don’t explicitly configure an attribute in a connection profile, that
attribute gets its value from the default connection profile. The default connection-profile type is remote
access. The subsequent parameters depend upon your choice of tunnel type. To see both the explicitly
configured and the default settings of all your connection profiles, including the default connection
profile, enter the show running-config all tunnel-group command.

Maximum Connection Profiles

The maximum number of connection profiles (tunnel groups) that an ASA can support is the maximum
number of concurrent VPN sessions for the platform plus 5. For example, an ASA 5505 can
support a maximum of 25 concurrent VPN sessions, which allows for 30 tunnel groups (25+5). Attempting
to add a tunnel group beyond the limit results in the following message: "ERROR: The limit
of 30 configured tunnel groups has been reached".

Table 67-2 specifies the maximum VPN sessions and connection profiles for each ASA platform.

Table 67-1 Connection Profile Attributes for SSL VPN

| Command | Function |
|---|---|
| override-svc-download | Overrides downloading the group-policy or username attributes configured for downloading the AnyConnect VPN client to the remote user. |
| radius-reject-message | Enables the display of the RADIUS reject message on the login screen when authentication is rejected. |

Table 67-2 Maximum VPN Sessions and Connection Profiles Per ASA Platform

| | 5505 Base/Security Plus | 5510/Base/Security Plus | 5520 | 5540 | 5550 | 5580-20 | 5580-40 |
|---|---|---|---|---|---|---|---|
| Maximum VPN Sessions | 10/25 | 250 | 750 | 5000 | 5000 | 10,000 | 10,000 |
| Maximum Connection Profiles | 15/30 | 255 | 755 | 5005 | 5005 | 10,005 | 10,005 |
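
The following Python script is an added example, not part of the Cisco guide: it counts the tunnel groups in saved show running-config all tunnel-group output and reports how many more fit under the sessions-plus-5 limit from Table 67-2. The platform keys, function names and sample configuration are constructed for illustration, and the script assumes every tunnel group present in the supplied text counts toward the limit and that group names are unquoted with no spaces.

```python
import re

# Maximum VPN sessions per platform, taken from Table 67-2 on this page.
# The dictionary keys are labels made up for this example.
MAX_VPN_SESSIONS = {
    "5505-base": 10, "5505-security-plus": 25, "5510": 250, "5520": 750,
    "5540": 5000, "5550": 5000, "5580-20": 10000, "5580-40": 10000,
}

# One "tunnel-group <name> type <type>" line declares each connection profile.
# Later "tunnel-group <name> general-attributes" lines only open a submode.
TYPE_LINE = re.compile(r"^tunnel-group\s+(\S+)\s+type\s+(\S+)\s*$")


def parse_tunnel_groups(config_text):
    """Return {name: type} for every tunnel group declared in the text."""
    groups = {}
    for line in config_text.splitlines():
        match = TYPE_LINE.match(line.strip())
        if match:
            groups[match.group(1)] = match.group(2)
    return groups


def capacity_report(config_text, platform):
    """Compare the configured tunnel groups with the platform limit."""
    groups = parse_tunnel_groups(config_text)
    limit = MAX_VPN_SESSIONS[platform] + 5  # rule stated on this page
    by_type = {}
    for group_type in groups.values():
        by_type[group_type] = by_type.get(group_type, 0) + 1
    return {"configured": len(groups), "limit": limit,
            "remaining": limit - len(groups), "by_type": by_type}


# Constructed sample in the shape of tunnel-group configuration output.
SAMPLE = """\
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
 default-group-policy DfltGrpPolicy
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
tunnel-group Engineering type remote-access
tunnel-group Engineering general-attributes
"""

if __name__ == "__main__":
    print(capacity_report(SAMPLE, "5505-security-plus"))
```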
