Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN Problem !

Hi

I ve configured an ASA to act as a vpn server.

The clents from Microsoft windows Xp use vpn connection and they can connect but after the concurrent remote vpn become 6 or 7 no one else can connect to the ASA until someone disconnect !!!!

I also use vpn concurrent session command and set it value to 5000.

The problem is when they try to connect they get this message ,"Server did not assign address" , also iv checked my Ip pool and i have enough ip in my pool.

Please someone help me.

The best answer will get high Rate.

Best Regards B.Mozaffari

12 REPLIES

Re: VPN Problem !

Can you paste your show run here please?

Community Member

Re: VPN Problem !

Here it is.

Re: VPN Problem !

Thanks, I don't see a pool configured globally neither defined to the tunnel group or group policy, either it was removed by mistake or the clients are getting an ip address via the authentication server, can you confirm either of them?

Community Member

Re: VPN Problem !

They get their ip addresses from Authentication server.

Re: VPN Problem !

I see, what is your auth server? ACS MsIAS?

Community Member

Re: VPN Problem !

ACS

I have enough ip addresses in my pool.

Re: VPN Problem !

OK, I would go ahead and enable debug radius all on your ASA to check if the Framed-IP-Address attribute is sent back from the ACS when the user is trying to connect, I will also check if the user is assigned to the correct group where this pools is assigned, also one good tip is to enable accounting since when using pools with an authentication server the asa might think ip addresses are not released therefore causing it not to allocate a previously freed ip addres

Community Member

Re: VPN Problem !

Take a look at configuration please,Accounting has been configured Already.

Re: VPN Problem !

What did you get with the debugs? your config looks good nothing from it states it should not assign the ip address.

Community Member

Re: VPN Problem !

I really dont know !!!!

until 6 remote client everything is OK !

but then !!!!!!!!!!!

Re: VPN Problem !

Ok, in order to find if the issue is the ACS or the ASA, you need to enable those debugs "debug radius all" right after the 7th client is about to connect after you got them you can analyze them or post them here.

Community Member

Re: VPN Problem !

Thanks Imartino

Here is debug.

163
Views
0
Helpful
12
Replies
CreatePlease to create content