Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN drops for users sharing IP

Is there something in the ASA that would prevent multiple users to connecting to a vpn..

scenario...we a company that uses

the cisco vpn client to use some of our network resources..They authenticate against AD

However 1 user will be stable..but than the more users that sign on from that company will expereince vpn drops.

This issue is not happening with any other remote users. Everyone is under the same group policy


Re: VPN drops for users sharing IP

Seems really weird. Do they pull an address from a VPN pool? Are they using the same account to connect? You can have a limited user account login, meaning that a user can be restricted to having 3 simultaneous logins and 3 people can be connected using the same login.

Can you post the group policy and your tunnel policy for these users?



HTH, John *** Please rate all useful posts ***
New Member

Re: VPN drops for users sharing IP

yes..there is a dhcp pool configured on the ASA..could that be it?..only 3 simultaneous?

They are all part of the A group

group-policy AHattributes

banner value You are accessing the networko

wins-server value

dns-server value

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value A_splitTunnelAcl

default-domain value A-USA

tunnel-group general-attributes

address-pool A-Pool

authentication-server-group A-Domain

default-group-policy A

tunnel-group A ipsec-attributes

pre-shared-key *

tunnel-group Diamluster type remote-access

tunnel-group Diamuster general-attributes

address-pool A-Pool

authentication-server-group A-Domain

default-group-policy Diamonster

tunnel-group Dialuster ipsec-attributes

pre-shared-key *


Re: VPN drops for users sharing IP

This sounds like it could be a NAT issue with the device at that remote site. I suggest you configure "isakmp nat-traversal 20" in your ASA and see if that helps. This will enable UDP encapsulation of the ESP traffic (e.g. the encryted data), which should help prevent issues with having multiple users behind a device performing PAT.

New Member

Re: VPN drops for users sharing IP

Hopefully someone can help with a similar issue I'm having with a PIX-515e firewall; software version 6.3.4, pdm version 3.0.2.

We're getting constant vpn termination errors (reason 412 and 413) from a group of users at one location. I am by no means a pix guru, but I've verified that nat-t is configured. I can't figure out how to determine if there is a group policy set. I'd be happy to post or email the current config if that will help - it's about 150 lines long.