local ip pool address still in use

Unanswered Question
Sep 16th, 2005

Hi all,


I set up a few VPN accesses on my PIX 506; all these accesses are dedicated to roaming users who use the Cisco VPN client.

Each user has his own ip local pool (one per vpngroup and one address per ip pool). We have a problem because when the user drops his VPN connection, the IP address of the local pool is "still in use" in the PIX, and if the user tries to connect he is rejected because there is no available IP address for him.


Do you know why these IP addresses stay "in use"?


Thanks in advance for your help.


olivier

jackko Fri, 09/16/2005 - 08:04

try the command "isakmp keepalive"

sawyerc Sun, 09/18/2005 - 09:34

Don't have an answer to your question other than the timeout probably hasn't kicked in yet. Probably the timeout that's connected with the isakmp command (isakmp keepalive []


I'm more interested in how you got your basic setup going -- I came into the forums to see if I could find some help... and the first message I read was yours. :-)


I'd like to set up an additional vpngroup (we've been using one group for a while now), and I'm having problems getting the PIX to accept the command: isakmp client configuration address-pool local xxxx1 outside. It says there's already an address-pool connected to that interface and I'm to remove it. Of course, that'll break all current access, so I'm reluctant to do so without confidence I'll be able to put them both in afterwards.


Oh. We're using a pix 515 with 6.3(3).


Might you have any suggestions? Any help you can offer will be appreciated!


Charlotte Sawyer


jackko Sun, 09/18/2005 - 19:19

we haven't been using that command, however we've got multiple vpngroups working fine.


ip local pool ippool1 10.0.0.1-10.0.0.10
ip local pool ippool2 172.16.8.1-172.16.8.10

vpngroup vpn1 address-pool ippool1
vpngroup vpn1 split-tunnel 101
vpngroup vpn1 idle-time 1800
vpngroup vpn1 password ********

vpngroup vpn2 address-pool ippool2
vpngroup vpn2 split-tunnel 102
vpngroup vpn2 idle-time 1800
vpngroup vpn2 password ********


sawyerc Mon, 09/19/2005 - 08:23

Thanks for the info!!!!


So do you serve dns and/or wins info to your clients?

jackko Mon, 09/19/2005 - 15:50

i do dns but not wins


vpngroup vpn1 dns-server


i believe you can put 2 servers with the command
