Remote VPN access stops working


We have a VPN issue that we can't seem to find an answer for. Any recommendations for a solution would be appreciated. Our Router is a Cisco 827-4v with IOS 12.2. We have several remote users that VPN into our network using the Cisco VPN 4.6 client. We allow each user to use the same client group name to log in and as long as they are not originating in the same physical network this has not been a problem. The Crypto configuration is as follows:


crypto isakmp client configuration group XXXXXXXXXXXX
 key xxxxxxxxxxx
 dns xxx.xxx.xxx.x
 wins xxx.xxx.xxx.x xxx.xxx.xxx.x
 domain xxxxxx.com
 pool clientpool
 acl 101


The problem is that, very consistently, once every week the remote users are unable to connect to the VPN. They get a message that “The Remote Peer is not responding”. This only affects the remote users since we also have two Router to Router VPN tunnels that continue to work with no problem. So far our only solution has been to reboot the router, which is an inconvenience to the two other networks that are connected with the Router to Router tunnels. We have tried Clear crypto isakmp and sa commands but it doesn't help the remote users. We always end up having to reboot the router. Is there another command that we should try that could possibly bring VPN for the remote users back up?



smahbub Wed, 05/07/2008 - 13:47

Try the following steps:

1) Uninstall VPN client

2) Reinstall VPN client


Try using the command "clear crypto session" in privileged EXEC mode to delete crypto sessions (IP Security [IPSec] and Internet Key Exchange [IKE] security associations [SAs]).


For more information about this command, refer to:

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_c1gt.html#wp1161900

We finally had this fail again. In troubleshooting we found the clear commands not to work. We have discovered the actual problem to be related to the IP Local Pool for addresses that are assigned when the remote user connects. These IP addresses are not being released and eventually the Client Pool is used up. Is there a command for IOS 12.2 that can clear this IP Local Pool without having to reload the router?
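
Added example, not part of the original thread: a monitoring check for the pool exhaustion described in the last post, so the condition is caught before remote users are locked out. It parses `show ip local pool` output (the sample is constructed, using documentation addresses) and flags pools that are nearly empty or that hold more addresses than there are connected clients; the threshold, the `sitepool` name, and the operator-supplied client counts are assumptions.

```python
# Constructed sample of `show ip local pool` output (not taken from the poster's router).
# A pool with several ranges prints continuation rows with a blank Pool column.
SAMPLE = """\
 Pool                     Begin           End             Free  In use
 clientpool               192.0.2.10      192.0.2.19         0      10
 sitepool                 198.51.100.1    198.51.100.20     18       2
                          198.51.100.101  198.51.100.110    10       0
"""


def parse_pools(text):
    """Return {pool_name: {"free": n, "in_use": n}}, summed over all ranges."""
    pools, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        # Data rows end with two integer counters; the header row does not.
        if len(fields) < 4 or not (fields[-1].isdigit() and fields[-2].isdigit()):
            continue
        if len(fields) == 5:            # named row starts a new pool
            current = fields[0]
        elif len(fields) != 4 or current is None:
            continue                    # unknown layout, skip rather than guess
        entry = pools.setdefault(current, {"free": 0, "in_use": 0})
        entry["free"] += int(fields[-2])
        entry["in_use"] += int(fields[-1])
    return pools


def low_pools(pools, min_free=2):
    """Pools with fewer than min_free addresses left (assumed threshold)."""
    return sorted(name for name, p in pools.items() if p["free"] < min_free)


def leak_suspects(pools, active_clients):
    """Pools holding more addresses than connected clients.

    active_clients maps pool name -> number of remote users currently
    connected (supplied by the operator; an assumption of this example).
    Returns {pool_name: count of addresses held without a client}.
    """
    suspects = {}
    for name, p in pools.items():
        surplus = p["in_use"] - active_clients.get(name, 0)
        if surplus > 0:
            suspects[name] = surplus
    return suspects


if __name__ == "__main__":
    pools = parse_pools(SAMPLE)
    print("low on addresses:", low_pools(pools))
    print("held without a client:", leak_suspects(pools, {"clientpool": 3, "sitepool": 2}))
```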
