I have a Cisco ASA 5520 (8.0(3)).
I have remote access VPN set up for users to VPN into the network. Everything is working fine.
I am using a class C address pool of 192.168.10.x /24 for authenticated users (this is a different subnet from the internal network). This is working fine. However... when the user disconnects from their session... it appears that the IP address does not get released back into the address pool and the next user who connects will get the NEXT IP address in the pool and so on and so forth. Although I can't pinpoint the cause of the problem because 'sometimes' one user will get an address which was previously in use. It is inconsistent as far as I can see.
We don't have a large number of users but the IP pool is already half depleted because of this. It is slowly but surely getting up into assigning 192.168.10.150 when there are no other users connected (as opposed to it assigning 192.168.10.1).
I have the default idle timeout of 30 set. (Which doesn't actually do anything as far as I can see because keepalives are enabled.)
I have the max session time of 8 hours.
I have the 'release IP into pool after a certain number of minutes' set to the default 0, so they should be released immediately (from what I understand). I did change this to be 20 minutes and the problem got even worse.
Perhaps this is normal behaviour and when the pool reaches the end it starts from the beginning?
Can someone point me in the right direction of what setting I should be looking at or guide me in the right general direction?
Appreciate any help.
I am not able to find any documentation on what order the addresses are assigned to the remote access clients. As long as it's showing the addresses are being released back to the pool, as it is supposed to, I would think once it hits the end of the pool it should start reusing those released addresses.