
AnyConnect - problem with suspended sessions

piotr.chrusciel
Level 1

Hi Everyone!

Users are connecting to the ASA with AnyConnect; they are authenticated using LDAP in Active Directory, and IP addresses are statically assigned to all of them, with values stored in AD in the Framed-IP-Address attribute. Everything is ... almost OK. The problem appears when a user disconnects AnyConnect "brutally", for instance when they shut the network interface down while connected, or when the system on a desktop gets a blue screen. When the user tries to reconnect, he gets the message "... no address available for svc connection". The ASA does not want to assign the IP address to a new session when another session with the same IP address is still active (suspended, in fact). After the idle timeout, the old session is cleared and the user is able to re-establish the connection. I could not find any kind of DPD mechanism by which the ASA can control the availability of the remote peer (VPN client); it could solve that problem. Even though there is DPD in the SSL VPN Group Policy configuration, it is used for something else: it checks only the availability of DTLS. At the moment I have made a workaround: I set the idle timeout to 10 min, but it is not the resolution I expected.

Does anyone have any idea how I can resolve that issue? I would be most grateful for any help.

Best regards.

1 Reply

piotr.chrusciel
Level 1

Does anyone have any ideas?

Regards