The tunnel works, but it tends to disconnect once every week. Additionally we can't write backups to a server at the remote end (we only get a 1 kb file, the rest doesn't get transfered). The same goes for files that are sent by a scanner to the server.
A article detailed that mismatched MTU values might be the cause of this. I've adapted the ISA to negotiate the MTU (by setting the EnablePMTUDiscovery to 1), but this didn't solve the problem. A additional problem is that the tunnel won't form after a restart when IKE fragmentation is enabled.
Cisco VPN Client users might receive this error when they attempt the connection with the head end VPN device.
"Attempted to assign network or broadcast IP address, removing (x.x.x.x) from pool" or "VPN client drops connection frequently on first attempt" or "Security VPN Connection terminated by tier. Reason 433."
The problem might be with the IP pool assignment either through ASA/PIX or Radius server. Use the debug crypto command in order to verify that the netmask and IP addresses are correct. Also, verify that the pool does not include the network address and the broadcast address. Radius servers must be able to assign the proper IP addresses to the clients.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :