strange problem -some VPN users no longer able to connect to inside network
for months (if not years!) our users have been happily connecting over the VPN to our corporate HQ.
However, this morning, we encountered a strange problem that only seemed to affect a few users.
The users complained that they had got authenticated over the VPN ok but could not access anything inside our network.
Meanwhile though, other users were connected happily, as normal.
When I ran a "sh uauth" on the PIX515E firewall running 6.3(5) that we have, I could see the "working" users were authenticated with an IP address allocated correctly from our IP address pool.
The "problem" users were also showing as authenticated - however, instead of having an IP address from the pool, the IP address was still showing as their own public IP address.
There were plenty spare addresses in the address pool so there were definitely addresses available to be allocated.
For the problem users, if they checked their IP config, it appeared to them that they HAD got allocated an address from our pool - but, for some reason, the PIX did not seem to recognise that it had allocated an address to them - therefore, no traffic could be routed from our network to these particular users.
I carried out a reboot of the PIX and the problem was resolved.
Nothing had been changed on the PIX config and there didn't seem to be any pattern to the users affected (eg some were using their home broadband connection, some using 3G cards - meanwhile other users were connected without problem via the same methods)
Does anyone know any more about what this problem was and why it should suddenly have affected us?
Is there any other way to resolve it? i.e. something less drastic than a complete reboot?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :