Thursday, May 30, 2019

Connection Limiting - Automated IP Prioritization

We have 20 separate devices that have a concurrent user limit of 5 each. These devices do not have any type of administrative feature that allows the management of incoming connections. Therefore the first 5 users to connect get in and could stay logged in indefinitely. We have over 40 users that need access to each device at different times, some with higher priority than others.

Our current solution: we implemented an ASA-5506 with separate rules/groups of IPs. One small group, say "Priority 1", contains a handful of high-priority IPs. The rest of the users/IPs are in a second group, "Priority 2". If at a given time a device is full with 5 connections and someone from Priority 1 needs access, the second rule is disabled and one unlucky IP from the lower-priority group is manually disconnected via a console command to make room.

Is it possible to automate this in any way, such as automatically disconnecting and temporarily blocking IP(s) from Priority 2 to allow users from Priority 1 to connect, and then automatically unblocking them once Priority 1 disconnects?
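The preemption logic the post describes (evict the longest-connected Priority 2 user when a Priority 1 user needs a full device, block the evicted IP from that device only, and lift the block when the Priority 1 user leaves) can be modelled in a small controller. The script below is an added example and is not code from the post or from Cisco. It assumes a per-device network object-group named `BLOCK-<device>` that is referenced by a deny ACE placed ahead of the existing allow rule, and it assumes the ASA's documented `object-group network` / `network-object host` and `clear conn address ... address ...` syntax. It only generates the configuration lines; pushing them to the firewall over SSH is left out. The device addresses and user IPs are constructed sample data.

```python
"""Priority-based connection preemption for fixed-capacity devices behind an ASA.

Added example, not the post's or Cisco's code. Generated lines assume the ASA
'object-group network' / 'network-object host' and 'clear conn' syntax and a
deny ACE per device that references the BLOCK-<device> group; they still have
to be pushed to the firewall by a transport (e.g. SSH) that is not shown here.
"""
from dataclasses import dataclass, field

CAPACITY = 5

# Constructed sample data: high-priority source IPs. Everyone else is priority 2.
PRIORITY_1 = {"10.0.0.10", "10.0.0.11"}


@dataclass
class Session:
    ip: str
    started: int            # monotonic tick; smallest value = longest connected


@dataclass
class Device:
    name: str
    addr: str                                        # device IP as seen by the ASA
    capacity: int = CAPACITY
    sessions: dict = field(default_factory=dict)     # user ip -> Session
    blocked: dict = field(default_factory=dict)      # evicted ip -> preempting ip

    @property
    def block_group(self) -> str:
        # Assumed object-group name; a deny ACE for this group sits before the allow rule.
        return f"BLOCK-{self.name}"


def priority(ip: str) -> int:
    return 1 if ip in PRIORITY_1 else 2


def can_admit(dev: Device, ip: str) -> bool:
    """True if `ip` can connect now, directly or by preempting a priority-2 user."""
    if ip in dev.blocked:
        return False
    if ip in dev.sessions or len(dev.sessions) < dev.capacity:
        return True
    return priority(ip) == 1 and any(priority(s.ip) == 2 for s in dev.sessions.values())


def admit(dev: Device, ip: str, now: int) -> list:
    """Register `ip` on `dev`; return the ASA lines needed to make room, if any."""
    if not can_admit(dev, ip):
        raise RuntimeError(f"{ip} cannot be admitted to {dev.name} right now")
    if ip in dev.sessions:
        return []
    cmds = []
    if len(dev.sessions) >= dev.capacity:
        # Device is full and the caller is priority 1: evict the longest-connected
        # priority-2 session, block that IP from this device, and drop its connection.
        victims = [s for s in dev.sessions.values() if priority(s.ip) == 2]
        victim = min(victims, key=lambda s: s.started)
        del dev.sessions[victim.ip]
        dev.blocked[victim.ip] = ip
        cmds += [
            f"object-group network {dev.block_group}",
            f" network-object host {victim.ip}",
            f"clear conn address {victim.ip} address {dev.addr}",
        ]
    dev.sessions[ip] = Session(ip, now)
    return cmds


def release(dev: Device, ip: str) -> list:
    """Remove `ip`'s session and unblock anyone it preempted; return the ASA lines."""
    dev.sessions.pop(ip, None)
    cmds = []
    for victim, preemptor in list(dev.blocked.items()):
        if preemptor == ip:
            del dev.blocked[victim]
            cmds += [f"object-group network {dev.block_group}",
                     f" no network-object host {victim}"]
    return cmds


def demo() -> list:
    """Fill a device with priority-2 users, admit a priority-1 user, then release it."""
    dev = Device("dev01", "192.168.1.20")
    lines = []
    for tick, ip in enumerate(["10.0.0.20", "10.0.0.21", "10.0.0.22",
                               "10.0.0.23", "10.0.0.24"]):
        lines += admit(dev, ip, tick)
    lines += admit(dev, "10.0.0.10", 5)      # preempts 10.0.0.20
    lines += release(dev, "10.0.0.10")       # lifts the block again
    return lines


if __name__ == "__main__":
    print("\n".join(demo()))
```

The controller needs a reliable view of which IPs are currently connected to each device (for example by polling `show conn` on the ASA and feeding the results into `admit`/`release`), and the deny ACE in front of the allow rule is what makes the block take effect for new connections while `clear conn` tears down the existing one.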


