cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
761
Views
0
Helpful
12
Replies

VPN Problem !

mrmozaffari
Level 1
Level 1

Hi

I ve configured an ASA to act as a vpn server.

The clents from Microsoft windows Xp use vpn connection and they can connect but after the concurrent remote vpn become 6 or 7 no one else can connect to the ASA until someone disconnect !!!!

I also use vpn concurrent session command and set it value to 5000.

The problem is when they try to connect they get this message ,"Server did not assign address" , also iv checked my Ip pool and i have enough ip in my pool.

Please someone help me.

The best answer will get high Rate.

Best Regards B.Mozaffari

12 Replies 12

Ivan Martinon
Level 7
Level 7

Can you paste your show run here please?

Here it is.

Thanks, I don't see a pool configured globally neither defined to the tunnel group or group policy, either it was removed by mistake or the clients are getting an ip address via the authentication server, can you confirm either of them?

They get their ip addresses from Authentication server.

I see, what is your auth server? ACS MsIAS?

ACS

I have enough ip addresses in my pool.

OK, I would go ahead and enable debug radius all on your ASA to check if the Framed-IP-Address attribute is sent back from the ACS when the user is trying to connect, I will also check if the user is assigned to the correct group where this pools is assigned, also one good tip is to enable accounting since when using pools with an authentication server the asa might think ip addresses are not released therefore causing it not to allocate a previously freed ip addres

Take a look at configuration please,Accounting has been configured Already.

What did you get with the debugs? your config looks good nothing from it states it should not assign the ip address.

I really dont know !!!!

until 6 remote client everything is OK !

but then !!!!!!!!!!!

Ok, in order to find if the issue is the ACS or the ASA, you need to enable those debugs "debug radius all" right after the 7th client is about to connect after you got them you can analyze them or post them here.

Thanks Imartino

Here is debug.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: