Weird VPN behaviour

darren.g
Level 5

Gentlebeings and experts.

I've come across a perplexing situation I've never seen before, and can't explain, and am asking the collective wisdom to see if anyone else may have an explanation.

Background: $POE has a pair of ASA5520s (active/standby) running at our internet edge. Said ASAs terminate remote access, client-based VPNs with split-tunnelling for teleworkers. I, for my sins, inherited management of these devices, and owing to the nature of the business it is *extremely* difficult to find time to try and improve/change the configurations because the firewalls are almost always in use.

ASA software version is 8.2(1).

Normally, this is not an issue, and Just Works. Recently, owing to some business restructure, we've had a fairly large increase in the number of VPN users who need to log on - not necessarily concurrently (we only hit 10 or so online, max), but overall number of users.

Yesterday, I had a user complain that they couldn't access network resources despite being connected to the VPN. Remotely connecting to her desktop showed that, indeed, her VPN was up. Checking into the Firewall console I could see the connection and that it was receiving data but NOT sending data outbound.

I assumed a client issue (we are, unfortunately, still using the old Cisco Systems VPN client) with the relatively new Windows 7 laptop, and installed the Shrew Soft VPN client, which worked.

Shortly later, I got another helpdesk job referring to a similar issue. Looked at the firewall and saw the exact same situation - connection online and authenticated, receiving data but NOT sending.

Just by chance, I noticed that the IP address allocated to the client was the same one as the previous user with the problem. There were IP addresses both before and after this address in use, so I knew we weren't running into a limit in the scope (there's a /24 allocated to the VPN users) - but the last user who had the problem was now online with a completely different IP address and working fine.

For the life of me, I can NOT think why one specific IP address would throw up this kind of symptom. Both the users were in different parts of the country, so there was no similarity in source address for the VPN connection, one was running XP and one running Windows 7, different usernames etc - the only thing in common was the IP address which they were allocated.

Has anyone ever seen this kind of thing? For information, the "faulty" IP address was .177 in a /24 range.

I killed/reset the pool, along with some tweaks to the time limits on re-using IP addresses so hopefully it won't happen again - but I'm curious to find out if anyone can shed light on what might have caused it.

Cheers.
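A small triage script for the symptom described in the post above, added here as an example (it is not code from the original post or from Cisco). It works over constructed, simplified session records rather than the ASA's real session output, and flags pool addresses where "receiving but not sending" sessions recur for different users coming from different source addresses, which is the pattern that pointed at the pool address rather than the client.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class VpnSession:
    """Simplified session record (constructed; not the ASA's actual output format)."""
    username: str
    assigned_ip: str   # address handed out from the VPN pool
    client_ip: str     # client's public source address
    bytes_rx: int      # bytes received from the client through the tunnel
    bytes_tx: int      # bytes sent back to the client through the tunnel


def is_rx_only(s: VpnSession, min_rx: int = 1024) -> bool:
    """True when the tunnel clearly carries inbound traffic but nothing goes out.

    A freshly established session with almost no bytes either way is not
    counted; otherwise every new connection would look broken for a moment.
    """
    return s.bytes_rx >= min_rx and s.bytes_tx == 0


def suspect_pool_addresses(sessions, min_users: int = 2):
    """Map pool address -> sorted usernames for addresses where rx-only sessions
    were seen for at least `min_users` distinct users from distinct client IPs.

    Requiring distinct users *and* distinct source addresses rules out a single
    broken client and leaves the pool address as the common factor.
    """
    hits = defaultdict(dict)  # assigned_ip -> {username: client_ip}
    for s in sessions:
        if is_rx_only(s):
            hits[s.assigned_ip][s.username] = s.client_ip
    return {
        ip: sorted(users)
        for ip, users in hits.items()
        if len(users) >= min_users and len(set(users.values())) >= min_users
    }


# Constructed sample: two unrelated users break on .177; one of them later
# reconnects on another pool address and works. .178 is a brand-new session,
# .150 is a single rx-only user and so is not blamed on the pool.
SAMPLE_SESSIONS = [
    VpnSession("jdoe", "10.10.10.177", "203.0.113.10", 48_210, 0),
    VpnSession("asmith", "10.10.10.176", "198.51.100.7", 90_112, 71_004),
    VpnSession("bwong", "10.10.10.178", "192.0.2.55", 120, 0),
    VpnSession("rlee", "10.10.10.177", "192.0.2.99", 31_900, 0),
    VpnSession("jdoe", "10.10.10.183", "203.0.113.10", 402_000, 388_000),
    VpnSession("tkim", "10.10.10.150", "198.51.100.200", 5_000, 0),
]

if __name__ == "__main__":
    for ip, users in suspect_pool_addresses(SAMPLE_SESSIONS).items():
        print(f"pool address {ip}: rx-only sessions for {', '.join(users)}")
```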

2 Replies

Marcin Latosiewicz
Cisco Employee

Darren,

There are multiple problems affecting your ASA release that could cause this, including:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtf14727

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtd36473

I would suggest upgrading to 8.2.5 (or the latest CCO interim of 8.2.5).

Marcin

darren.g
Level 5

Hey Marcin.

Thanks for the pointers - I honestly didn't consider this might be a known bug - Friday was a loooong day!

I'll see if I can't schedule a software upgrade, although given that my boss is seriously considering replacing the ASAs with something better, I might just live with it until I know one way or another.

Cheers.
