Have you seen enterprise VPN settings (setting as in environment or context) where 2 simultaneous connections were allowed per VPN user? Or more? Or something similar?
Edit: I would normally need the “Question” tag for this but there’s no such thing
No, that have never been allowed on any place where Ive been running any IT department. Even third party vendors needed to have personal accounts and we only accepted one connection.
The only exception have been cases where we have allowed to connect using a client and a web browser at the same time.
If your VPN works over TCP, you can do this pretty easily. Not sure which products support this mode of operation out of the box. But there isn’t too much of a technical reason to disallow that capability, if it doesn’t run contrary to policy.
But for VPNs that run over connection-free transports, it defeats the best feature. With something like Wireguard, you can keep your tunnel open, even if your IP changes (e.g. because you switched from WiFi to mobile). This wouldn’t work if you allowed multiple clients to establish simultaneous tunnels using the same credentials.
Also, in many cases, IT departments prefer associating tunnels with a particular device. That makes it much easier to revoke compromised credentials without impacting anybody else. So, usually, if a user needs multiple tunnels, you just provision those separately.
What’s your use case that would prevent this?
Sure. But often limited to, for example, the IT team.
Yes. We have an environment inside our Org that we have to VPN into from the “normal/insecure” intranet. That environment has a couple of administrative VPN logins which are one “user” but max two are able to log on with simultaneously.
Cisco Anyconnect supports it non problem, but the use cases for it are slim.
What software did your company use? Cisco? And what was their reasoning behind this setting or setup?
Actually yes, it was Cisco based.
The reason behind this was that everything behind the vpn was also firewalled and protected by authentication. So a ‘group’ of users would get a VPN connection to their, and only their, resources. In reality the group would only be 1 or 2 persons (but I’ve known about a VPN that was legitimately shared to a whole third party company, we did our best to shut that down).