local ip pool address still in use

olivier_1968
Level 1

Hi all,

I set up a few VPN accesses on my PIX 506; all these accesses are dedicated to roaming users who use the Cisco VPN client.

Each user has his own ip local pool (one per vpngroup and one address per ip pool). We have a problem because when the user drops his VPN connection, the IP address of the local pool is "still in use" in the PIX, and if the user tries to connect he is rejected because there is no available IP address for him.

Do you know why these IP addresses stay "in use"?

Thanks in advance for your help.

olivier

6 Replies

jackko
Level 7

try the command "isakmp keepalive"

sawyerc
Level 1

Don't have an answer to your question other than the timeout probably hasn't kicked in yet. Probably the timeout that's connected with the isakmp command (isakmp keepalive []

I'm more interested in how you got your basic setup going -- I came into the forums to see if I could find some help... and the first message I read was yours. :-)

I'd like to set up an additional vpngroup (we've been using one group for a while now), and I'm having problems getting the PIX to accept the command: isakmp client configuration address-pool local xxxx1 outside. It says there's already an address-pool connected to that interface and I'm to remove it. Of course, that'll break all current access, so I'm reluctant to do so without confidence I'll be able to put them both in afterwards.

Oh. We're using a pix 515 with 6.3(3).

Might you have any suggestions? Any help you can offer will be appreciated!

Charlotte Sawyer

We haven't been using that command; however, we've got multiple vpngroups working fine.

ip local pool ippool1 10.0.0.1-10.0.0.10
ip local pool ippool2 172.16.8.1-172.16.8.10
vpngroup vpn1 address-pool ippool1
vpngroup vpn1 split-tunnel 101
vpngroup vpn1 idle-time 1800
vpngroup vpn1 password ********
vpngroup vpn2 address-pool ippool2
vpngroup vpn2 split-tunnel 102
vpngroup vpn2 idle-time 1800
vpngroup vpn2 password ********

Thanks for the info!!!!

So do you serve dns and/or wins info to your clients?

I do DNS but not WINS.

vpngroup vpn1 dns-server

I believe you can put 2 servers with the command.

Thanks! I'll give that a try! :-)