IP addressing; client cannot obtain; DHCP

Jun 4th, 2007
VPN 3000 4.0rel with XP SP2 clients. "Use assigned address pools" is checked and I've created an address pool of 25 IPs.

After a user gets disconnected due to "IKE lost contact, keepalive..." the user cannot reconnect because of the "cannot obtain IP address" error.

Question: if not instantly, how long does it take for the PIX to release an IP address of a disconnected client? It's not the case that it never releases since that would mean after several days no one would be able to log in, so it disqualifies the CSCed22637 bug (Pool addresses marked as externally in use are never re-enabled).

Any insight appreciated!

vkapoor5 Fri, 06/08/2007 - 10:07

I think that the PIX should release the IP address as configured when the client is disconnected. However, the address may not get released if the crypto association is still there. You can check this by using the command show crypto ipsec sa. I think using PPTP may help you. The following link may help you.


