09-09-2009 06:23 AM - edited 03-11-2019 09:13 AM
Hi,
I have configured RA vpn for remote users in ASA 5520 with version 8.0(2). The vpn was working fine since yesterday but somehow it has started giving an error in the debug of the ISAKMP & IPSEC that its not able to provide an IP Address to the client from the local address pool thus failing to connect to the vpn. I am attaching the config and the ISAKMP/IPSEC debug for your reference. Kindly help.
09-09-2009 06:42 AM
Any chance you can create a pool with a full class C address space? I've noticed weird things when you VLSM the pool.
09-09-2009 11:04 AM
yea but it works only if I am using a separate /24 subnet and not by just changing the mask to /24 of the existing subnet. I am actually short of the subnets, can you suggest a work around.
09-09-2009 11:08 AM
I am actually short of the subnets Can you explain this a little further? Also Cisco suggests using a subnet completely different than any assigned subnet. For example, your inside interface is in the 10 network. If you can you should use something from the 172.16 or 192.168 networks.
09-09-2009 12:44 PM
Thanks for the solution. I have used a 172.16. subnet and its working fine now. Is there any bug id related to this or it is a normal feature set we should keep in mind.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide