
Remote VPN access stops working

ricky
Level 1

We have a VPN issue that we can't seem to find an answer for. Any recommendations for a solution would be appreciated. Our Router is a Cisco 827-4v with IOS 12.2. We have several remote users that VPN into our network using the Cisco VPN 4.6 client. We allow each user to use the same client group name to log in and as long as they are not originating in the same physical network this has not been a problem. The Crypto configuration is as follows:

crypto isakmp client configuration group XXXXXXXXXXXX
 key xxxxxxxxxxx
 dns xxx.xxx.xxx.x
 wins xxx.xxx.xxx.x xxx.xxx.xxx.x
 domain xxxxxx.com
 pool clientpool
 acl 101

The problem is that, very consistently, once every week the remote users are unable to connect to the VPN. They get a message that “The Remote Peer is not responding”. This only affects the remote users since we also have two Router to Router VPN tunnels that continue to work with no problem. So far our only solution has been to reboot the router, which is an inconvenience to the two other networks that are connected with the Router to Router tunnels. We have tried Clear crypto isakmp and sa commands but it doesn't help the remote users. We always end up having to reboot the router. Is there another command that we should try that could possibly bring VPN for the remote users back up?

2 Replies

smahbub
Level 6

Try the following steps:

1) Uninstall VPN client

2) Reinstall VPN client

Try using the command "clear crypto session" in privileged EXEC mode to delete crypto sessions (IP Security [IPSec] and Internet Key Exchange [IKE] security associations [SAs]).

For more information about this command refer to:

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_c1gt.html#wp1161900

We finally had this fail again. In troubleshooting we found the clear commands not to work. We have discovered the actual problem to be related to the IP Local Pool for addresses that are assigned when the remote user connects. These IP addresses are not being released and eventually the Client Pool is used up. Is there a command for IOS 12.2 that can clear this IP Local Pool without having to reload the router?
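An added example, not part of the thread: a monitoring check for the pool exhaustion described in the last post, so the condition is caught before remote users are locked out. It assumes the pool listing has the columns Pool, Begin, End, Free, In use; the sample text is constructed, and `active_sessions` is a hypothetical input holding the number of live client sessions per pool.

```python
import re

# Constructed sample (assumed column layout: Pool, Begin, End, Free, In use).
# Addresses are documentation ranges, not taken from the thread.
SAMPLE = """\
 Pool                     Begin           End             Free  In use
 clientpool               192.0.2.10      192.0.2.19         1       9
 labpool                  198.51.100.1    198.51.100.20     18       2
                          198.51.100.40   198.51.100.49     10       0
"""

IP = r"\d+\.\d+\.\d+\.\d+"
# The pool name is optional: extra ranges of a pool are listed without it.
ROW = re.compile(rf"^\s*(?:(\S+)\s+)?({IP})\s+({IP})\s+(\d+)\s+(\d+)\s*$")


def parse_pools(text):
    """Return {pool: {"free": n, "in_use": n}}, summed over all ranges."""
    pools, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or unrecognised text
        current = m.group(1) or current
        if current is None:
            continue  # continuation row with no pool seen yet
        entry = pools.setdefault(current, {"free": 0, "in_use": 0})
        entry["free"] += int(m.group(4))
        entry["in_use"] += int(m.group(5))
    return pools


def nearly_exhausted(pools, min_free=2):
    """Pools with fewer than min_free addresses left to hand out."""
    return sorted(n for n, p in pools.items() if p["free"] < min_free)


def leak_suspects(pools, active_sessions):
    """Pools holding more addresses than there are live client sessions,
    i.e. addresses that were assigned and never released."""
    return sorted(n for n, p in pools.items()
                  if p["in_use"] > active_sessions.get(n, 0))


if __name__ == "__main__":
    pools = parse_pools(SAMPLE)
    print("nearly exhausted:", nearly_exhausted(pools))
    print("leak suspects:", leak_suspects(pools, {"clientpool": 3, "labpool": 2}))
```

Run on a schedule against the collected pool listing, the leak check flags a pool while free addresses still remain, well before the weekly lockout.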