12-09-2008 01:54 PM - edited 03-11-2019 07:23 AM
Is there something in the ASA that would prevent multiple users from connecting to a VPN?
Scenario: we have a company that uses
the Cisco VPN client to use some of our network resources. They authenticate against AD.
However, 1 user will be stable, but then the more users that sign on from that company will experience VPN drops.
This issue is not happening with any other remote users. Everyone is under the same group policy.
12-09-2008 02:57 PM
Seems really weird. Do they pull an address from a VPN pool? Are they using the same account to connect? You can have a limited user account login, meaning that a user can be restricted to having 3 simultaneous logins and 3 people can be connected using the same login.
Can you post the group policy and your tunnel policy for these users?
HTH,
John
12-09-2008 06:57 PM
yes..there is a dhcp pool configured on the ASA..could that be it?..only 3 simultaneous?
They are all part of the A group
group-policy AHattributes
banner value You are accessing the networko
wins-server value 192.168.0.93 192.168.9.5
dns-server value 192.168.0.93 192.168.9.5
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value A_splitTunnelAcl
default-domain value A-USA
tunnel-group general-attributes
address-pool A-Pool
authentication-server-group A-Domain
default-group-policy A
tunnel-group A ipsec-attributes
pre-shared-key *
tunnel-group Diamluster type remote-access
tunnel-group Diamuster general-attributes
address-pool A-Pool
authentication-server-group A-Domain
default-group-policy Diamonster
tunnel-group Dialuster ipsec-attributes
pre-shared-key *
12-10-2008 02:53 PM
This sounds like it could be a NAT issue with the device at that remote site. I suggest you configure "isakmp nat-traversal 20" in your ASA and see if that helps. This will enable UDP encapsulation of the ESP traffic (e.g. the encrypted data), which should help prevent issues with having multiple users behind a device performing PAT.
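An added illustration, not part of the original reply: a simplified model of why several clients behind one PAT device can disturb each other with raw ESP but not with UDP-encapsulated ESP. The `PatDevice` class, the addresses and the port numbers are constructed assumptions; real PAT devices differ in how they handle ESP.

```python
# Toy model (constructed, not a real NAT implementation) of a PAT device
# tracking return traffic for VPN clients that share one public IP.
ESP, UDP = 50, 17  # IP protocol numbers


class PatDevice:
    def __init__(self):
        self.table = {}         # return-traffic key -> inside host
        self.next_port = 20000  # constructed starting port for translations

    def outbound(self, inside_host, proto, peer):
        if proto == UDP:
            # UDP carries ports, so each flow gets its own public source port.
            key = (UDP, peer, self.next_port)
            self.next_port += 1
        else:
            # ESP has no ports: protocol + peer is all this model can key on.
            key = (ESP, peer)
        self.table[key] = inside_host  # a later flow with the same key overwrites
        return key

    def inbound(self, key):
        # Which inside host receives traffic returning for this key?
        return self.table.get(key)


def simulate(nat_t):
    """Two clients behind one PAT device connect to the same VPN headend."""
    pat = PatDevice()
    asa = "203.0.113.10"  # constructed documentation address for the ASA
    proto = UDP if nat_t else ESP
    clients = ("10.0.0.11", "10.0.0.12")  # constructed inside hosts
    keys = {host: pat.outbound(host, proto, asa) for host in clients}
    # Map each client to the host that actually receives its return traffic.
    return {host: pat.inbound(key) for host, key in keys.items()}


if __name__ == "__main__":
    print("raw ESP:", simulate(nat_t=False))
    print("NAT-T  :", simulate(nat_t=True))
```

In this model the second client's ESP flow replaces the first client's translation entry, while with UDP encapsulation each client keeps its own entry.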
02-05-2009 11:12 AM
Hopefully someone can help with a similar issue I'm having with a PIX-515e firewall; software version 6.3.4, pdm version 3.0.2.
We're getting constant vpn termination errors (reason 412 and 413) from a group of users at one location. I am by no means a pix guru, but I've verified that nat-t is configured. I can't figure out how to determine if there is a group policy set. I'd be happy to post or email the current config if that will help - it's about 150 lines long.