cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
207
Views
0
Helpful
5
Replies
Highlighted
Contributor

cisco ASA VPN IP local pool issue

Hello All,

 

we are using ip local pool to assign ip address to Cisco VPN client. but we faced issue with starting ip & end as it show always free because of that users not got ip address from other pool.

ip show in use but still 6.ip showing free. below is sh ip local pool output

Test-VPN# sh ip local pool Test-VPN-Pool
Begin                 End                        Mask               Free       Held     In use
10.246.125.32 10.246.125.39 255.255.255.248      6            0       2

Available Addresses:
10.246.125.33
10.246.125.34
10.246.125.37
10.246.125.38

In Use Addresses:
10.246.125.32
10.246.125.35
10.246.125.36
10.246.125.39

 

when we check sh vpn-sessiondb anyconnect session for IP address 10.246.125.32 & 10.246.125.39 it show "INFO: There are presently no active sessions of the type specified"

 

can someone help to resolve this issue.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Hi,

.32 is your network address and .39 the broadcast address and are not usuable.

Change your subnet mask to /28 (255.255.255.240) which should allow you usable IP addresses from .33 to .47.

 

HTH

View solution in original post

5 REPLIES 5
Highlighted
VIP Mentor

high level looks like DHCP Lease expiry issue, even though the client disconnect i- the one shows as used IP ( that are network and broadcast)

 

can you post the configuration to understand?

also, give us the error of what the user getting when he tries to log in as a new user?

 

 

BB
*** Rate All Helpful Responses ***
Highlighted

logs.PNG

 

Highlighted

@Nitin S 

Did you create a new IP pool? Make sure you have referenced this under the group-policy?

Highlighted

only Test-VPN-Pool is configure on group policy

Highlighted
VIP Advisor

Hi,

.32 is your network address and .39 the broadcast address and are not usuable.

Change your subnet mask to /28 (255.255.255.240) which should allow you usable IP addresses from .33 to .47.

 

HTH

View solution in original post