From looking at the status of the VPN connections on the router, I have noticed that over time IP addresses can go from a "working" state to a "broken" state where communication between the client machine and the Cisco device doesn't happen. In short, an IP address works fine for one machine earlier in the day, but a few hours later it is broken for another machine that picks up the address. The router shows "Bytes Tx: 0" (data transmitted back to the client) on each of these "broken" IP addresses.

Once a machine that was using a "broken" IP address receives a new IP address that hadn't been broken, it is able to communicate again. As other machines take over a "broken" IP address, they are then unable to communicate with the router. I have seen good IP addresses "break", but I have not seen an IP address that was "broken" go back to "working" again. A broken IP address may not get used for a little while (sitting in the address pool waiting to be re-assigned by the router), but once it is used again the machine that picks it up will be in a "broken" state.

When I did a "VPN-Tunnel bounce" (logoff remote) it didn't help, and may have caused things to become worse. When I did a "reload" on the router, the status of the router went from 34 connections working and 70ish broken to 107 working and 2 broken. A reload was done Monday, and by Wednesday I have seen anywhere from 2-7 broken connections at any given time and growing (I have yet to see 100% of connections "working"). It also seems that an IP address only works the first time it is assigned (to a VPN client), and then it is unusable to any client it is assigned to after that.