01-09-2008 01:12 AM - edited 02-21-2020 03:28 PM
IOS - 12.2 18 SXF
crypto isakmp client configuration group keeps the count of dropped vpn connnections (those which are dropped due to internet failure on Client part and not disconnected properly)
Though this does not block the IP from pool and client is able to make another session. But thatz another addition to the count of connections.
Even if the IP Pool is for 5 IP addresses the connection counter goes up to 15-20.
I need command to clear such connections for particular Client configuration group.
E.g
#show crypto session summary
Group MYVPNGP has 15 connections
While it actually has 1 active connection and only have 3 IP in its pool.
The 'Clear' command and not the 'idle-timeout'.
Clear Sessions not helping here.
This bug could be a close match but its New and not yet fixed:
CSCse29085 - Duplicate IPSEC SA's are not deleted & SPI allocated are not freed up
Many Thanx in Advance.
01-16-2008 06:37 AM
First clear the VPN connection using crypto clear sa command and then use the show command.
01-16-2008 06:43 AM
Just before I was going to open a TAC for this case, I found the cause of issue affecting this IOS.
------------------------------------------------------------------------------------------
CSCsf10605
Symptom:
When a vpnclient session is disconnected ungracefully, it is possible that the user will be stuck in the local database if they are reconnecting with the same IP address but a different group name. This can lead to problems when the 'max-logins' configuration command is used, since a user is accounted for although he is no longer active.
Conditions:
-ungraceful vpnclient disconnect.
-'max-logins' feature is used.
- Same IP address, send initial-contact but different group
Workaround:
Have users in single groups, try to ensure clients disconnect properly if they are likely to be swapping groups during a session.
Further Problem Description:
The show crypto session summary command will display some users as being active, although there is actually no longer a valid crypto session for them.
-------------------------------------------------------------------------------------------
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: