RA VPN Local Address Pool IP Assignment Issue

connect · ‎09-09-2009

Hi,

I have configured RA vpn for remote users in ASA 5520 with version 8.0(2). The vpn was working fine since yesterday but somehow it has started giving an error in the debug of the ISAKMP & IPSEC that its not able to provide an IP Address to the client from the local address pool thus failing to connect to the vpn. I am attaching the config and the ISAKMP/IPSEC debug for your reference. Kindly help.

Collin Clark · ‎09-09-2009

Any chance you can create a pool with a full class C address space? I've noticed weird things when you VLSM the pool.

connect · ‎09-09-2009

yea but it works only if I am using a separate /24 subnet and not by just changing the mask to /24 of the existing subnet. I am actually short of the subnets, can you suggest a work around.

Collin Clark · ‎09-09-2009

I am actually short of the subnets Can you explain this a little further? Also Cisco suggests using a subnet completely different than any assigned subnet. For example, your inside interface is in the 10 network. If you can you should use something from the 172.16 or 192.168 networks.

connect · ‎09-09-2009

Thanks for the solution. I have used a 172.16. subnet and its working fine now. Is there any bug id related to this or it is a normal feature set we should keep in mind.