Scenario:
- 2 VPN 3030 Servers (3.6.7f code)
- Clients: 3.63+ (Win2k/XP)
- 2 AIX 4.3.3 Servers ML 11 running dhcpsd daemon
- Clients from home connect to the VPN server, which then gets an address from a DHCP server for the client after authentication.
- Concentrator set up with:
[dhcp]
enable=1
LeaseTimeout=1440
Port=67
RetransmissionTimeout=7
RetryLimit=2
[dhcpserver 1]
Priority=1
Name=10.0.0.1
Port=67
[dhcpserver 2]
Priority=2
Name=10.0.0.2
Port=67
[dhcp_server]
enable=1
LeaseTimeout=120
Relay=2
RelayAddr=0.0.0.0
RelayMask=0.0.0.0
IntMSHack=1
Under User Management | Group Setup | Client Config: Intercept DHCP Message isn't checked off.
Problem:
Almost once a week we have a problem with the DHCP daemon not being able to hand out new addresses from the VPN subnet to VPN users coming in. Addresses are still being handed out for other subnets with no problem (i.e. local LAN subnets). We notice that addresses in the VPN subnet seem to go into a 'RESERVED' status (even though there are over 1500+ addresses and only 300 users on at the time ... 90% of the addresses show as being RESERVED). Basically we end up having to recycle the daemon.
This is a Cisco VPN concentrator problem, I believe, since we have Shiva VPN servers as well and never have problems with that subnet. Our DHCP servers are otherwise in very good health.
Question: Has anyone else seen this type of problem?