04-30-2008 07:51 AM - edited 02-21-2020 03:42 PM
We have a VPN issue that we can't seem to find an answer for. Any recommendations for a solution would be appreciated. Our Router is a Cisco 827-4v with IOS 12.2. We have several remote users that VPN into our network using the Cisco VPN 4.6 client. We allow each user to use the same client group name to log in and as long as they are not originating in the same physical network this has not been a problem. The Crypto configuration is as follows:
crypto isakmp client configuration group XXXXXXXXXXXX
key xxxxxxxxxxx
dns xxx.xxx.xxx.x
wins xxx.xxx.xxx.x xxx.xxx.xxx.x
domain xxxxxx.com
pool clientpool
acl 101
The problem is that, very consistently, once every week the remote users are unable to connect the VPN. They get a message that âThe Remote Peer is not respondingâ. This only affects the remote users since we also have two Router to Router VPN tunnels that continue to work with no problem. So far our only solution has been to reboot the router, which is an inconvenience to the two other networks that are connected with the Router to Router tunnels. We have tried Clear crypto isakmp and sa commands but it doesn't help the remote users. We always end up having to reboot the router. Is there another command that we should try that could possibly bring VPN for the remote users back up?
05-07-2008 01:47 PM
Try the following steps:
1)Uninstall VPN client
2)Reinstall VPN client
Try using the command "clear crypto session" in privileged EXEC mode to delete crypto sessions (IP Security [IPSec] and Internet Key Exchange [IKE] security associations [SAs]).
For more information about this command refer:
http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_c1gt.html#wp1161900
05-23-2008 10:30 AM
We finally had this fail again. In troubleshooting we found the clear commands not to work. We have discovered the actual problem to be related to the IP Local Pool for addresses that are assigned when the remote user connects. These IP addresses are not being released and eventually the Client Pool is used up. Is there a command for IOS 12.2 that can clear this IP Local Pool without having to reload the router?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide