I think that the particular syslog you have mentioned in the post, may not be cause of VPN disconnection.
It seems that the ip 172.16.40.124 is trying to initiate a connection to the subnet(172.16.0.0/16) broadcast ip: 172.16.255.255. I think that this is the reason that that packet was discarded.
Could you please tell us the number of vpn peers allowed to the ASA as per the output of "show version"?
Also can you check the output of "show vpn-sessiondb remote" to see the number of users online, and when a person gets disconnected, please check the output again to see if he is no longer in the list, and also check the count of remote access vpn users again.
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0) Boot microcode : CN1000-MC-BOOT-2.00 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04 0: Ext: GigabitEthernet0/0 : address is 001e.f762.d380, irq 9 1: Ext: GigabitEthernet0/1 : address is 001e.f762.d381, irq 9 2: Ext: GigabitEthernet0/2 : address is 001e.f762.d382, irq 9 3: Ext: GigabitEthernet0/3 : address is 001e.f762.d383, irq 9 4: Ext: Management0/0 : address is 001e.f762.d37f, irq 11 5: Int: Not used : irq 11 6: Int: Not used : irq 5
Licensed features for this platform: Maximum Physical Interfaces : Unlimited Maximum VLANs : 150 Inside Hosts : Unlimited Failover : Active/Active VPN-DES : Enabled VPN-3DES-AES : Enabled Security Contexts : 2 GTP/GPRS : Disabled VPN Peers : 750 WebVPN Peers : 2 AnyConnect for Mobile : Disabled AnyConnect for Linksys phone : Disabled Advanced Endpoint Assessment : Disabled
This platform has an ASA 5520 VPN Plus license.
Serial Number: JMX1215L20S Running Activation Key: 0xd0134977 0x14b7c6fd 0xb411f51c 0xbf54f070 0x0f1aa9ab Configuration register is 0x1 Configuration last modified by enable_15 at 14:30:42.396 UTC Thu Apr 7 2011
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 18.104.22.168Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 22.214.171.124R1(config-ikev2-keyring-pee...
This document shows how to use the Port Radius NAS PORT Id Attribute in a compound condition to control access with 802.1X.A user jdoe is allowed to access the network only through the physical port FastEthernet 0/1 of the switch and the user jwhite is al...
This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv...
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated...