ASA 5520 running ver 8.0(2) suddenly stops allocating address to VPN client

Unanswered Question

hi,

I have been noticing this issue of the ASA not able to assign ip address to the RA VPN clients from its local pool. The same config used to work without any issues but suddenly it has stopped working. Earlier also I faced the same issue but got it resolved by using a separate /24 subnet for the address pool as sometimes VLSM creates problems with the vpn address pool. Below is the config which used to work fine and still running. Can someone pls help urgently, it has become a show stopper. Is there any bug related to this.


========================================================================

object-group network RA_VPN_ADD_POOL

network-object 172.16.20.0 255.255.255.0


ip local pool CogVpnPool 172.16.20.1-172.16.20.254 mask 255.255.255.0


crypto ipsec transform-set CogVPNSet esp-aes-256 esp-sha-hmac

crypto dynamic-map RAVPNMAP 1 set pfs

crypto dynamic-map RAVPNMAP 1 set transform-set CogVPNSet

crypto map vpnmap 1 ipsec-isakmp dynamic RAVPNMAP

crypto map vpnmap interface public

crypto isakmp enable public

crypto isakmp policy 1

authentication pre-share

encryption aes-256

hash sha

group 2

lifetime 86400

no crypto isakmp nat-traversal

no vpn-addr-assign aaa

no vpn-addr-assign dhcp

vpn-addr-assign local


group-policy CogVpnUsers internal

group-policy CogVpnUsers attributes

banner value ************************

dns-server value ************

vpn-tunnel-protocol IPSec

default-domain value *********.com

address-pools value CogVpnPool

tunnel-group CogVpnUsers type remote-access

tunnel-group CogVpnUsers general-attributes

authentication-server-group LDAP_SRV_GRP

default-group-policy CogVpnUsers

tunnel-group CogVpnUsers ipsec-attributes

pre-shared-key *

=================================================================================================

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion