Description
Explains the limit of two simultaneous VPN sessions per username and the errors that result if this limit is exceeded.
Content / Solution:
CloudControl only allows two simultaneous VPN sessions per username. If you need to have more than two VPN sessions at one time then you can create additional Sub-Administrator accounts and use those credentials for the AnyConnect VPN to establish more sessions. For more details, see How to Create a Sub-Administrator using the CloudControl UI.
If you establish a new VPN connection with the same user account when exceeding 2 sessions, one of the other VPN connections will terminate with the following error message:
Windows
The secure gateway has terminated the VPN connection. Close all sensitive networked applications. The following message was received from the secure gateway: Port Preempted
Mac/OSX
The remote peer has terminated the VPN connection. Close all sensitive networked applications. The following message was received from the remote VPN device: Port Preempted