cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
264
Views
0
Helpful
1
Replies

IP addressing; client cannot obtain; DHCP

terencekam
Level 1
Level 1

Hello,

VPN 3000 4.0rel with XP SP2 clients. "Use assigned address pools" is checked and I've created an address pool of 25 IPs.

After a user gets disconnected due to "IKE lost contact, keepalive..." the user cannot reconnect because of the "cannot obtain IP address" error.

Question: if not instantly, how long does it take for the PIX to release an IP address of a disconnected client? It's not the case that it never releases since that would mean after several days no one would be able to log in, so it disqualifies the CSCed22637 bug (Pool addresses marked as externally in use are never re-enabled).

Any insight appreciated!

1 Reply 1

vkapoor5
Level 5
Level 5

I think that the PIX should release the IP address as configured when the client is disconnected. However the address may not get released if the crypto association is still there. You can check it by using command show crypto ipsec sa. I think using PPTP may help you. Following link may help you

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093f89.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: