AnyConnect: editing IP address pool

gaigl
Level 3

Hello,

I had to edit a local address pool for AnyConnect:

old: xxx.xxx.239.5-xxx.xxx.239.240 mask 255.255.255.255

new: xxx.xxx.236.5-xxx.xxx.239.240 mask 255.255.255.255

So this is no problem, but no connection uses the new addresses xxx.xxx.236.5 to xxx.xxx.238.254.

Is there some cache or something similar?

8 Replies

Hi,

Change the mask to cover all IP addresses.

Have you created a new IP pool? If so, is it referenced in the group policy?

Your configuration should look like this:

ip local pool VPN_POOL 192.168.14.10-192.168.14.254 mask 255.255.255.0

group-policy POLICY attributes
 address-pools value VPN_POOL

HTH

Muhammad Awais Khan
Cisco Employee

Hi,

This has something to do with the local pool lease time. The client will not get a new address until the lease time expires.

Which appliance are you using, and which software?

It's a 5525-X with 9.10(1)30.

I just checked the local pool behaviour for the ASA. It seems the ASA doesn't hold the IP addresses for that long once a session is disconnected, so I'm not sure why you are not getting it.

As advised in the other post, make sure the configuration is fine.

When I enter "sh ip local pool POOL-XXX", the ASA shows all addresses.

Btw: the pool is in the tunnel-group, not in the group policy.

clear ip local pool << POOL-NAME>>

then try a new connection to the VPN

Please rate useful posts

Would this kill all active connections?

Edit: I don't have this command.

Now I see the "new" addresses in use, so it looks like the pool is counting up to the last address and then starting with the first address.

So thanks guys, everything is fine.
