Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
797
Views
0
Helpful
5
Replies

Cisco Remote VPN Issue

jawad-mukhtar
Level 4
Level 4

‎02-16-2013 02:08 PM

Dear,

I am facing Some Issue With Remote VPN

Issue is that i have Created Seperate Group for each user and allocated Seperate Single IP for each User.  Some time users connect to remote vpn but when they Disconnect their session remains in show Cisco crypto isakmp peers and their single IP is also allocated when i see using show local ip pool command.  So same user cannot connect again until i clear crypto session for that user.

Please Suggest..

Regards

Jawad

Jawad
Labels:
0 Helpful
5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

‎02-17-2013 02:43 AM

Which device are you using to terminate the VPN Client, and also what is the version of the server?

0 Helpful

jawad-mukhtar
Level 4
Level 4

‎02-17-2013 04:11 AM

Dear It cisco 2811 Router and On client End its Cisco VPN Client Software and some other clients are using vpnc in Ubuntu.

I have Created Users As follows.

aaa authorization network ABC local

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

lifetime 28800

ip local pool ABC-POOL 192.168.1.200

crypto isakmp client configuration group ABC

key abc

pool ABC-POOL

save-password

crypto isakmp profile ABC-CM

   match identity group ABC

   isakmp authorization list ABC

   client configuration address respond

crypto dynamic-map DYNMAP 1

set transform-set VPNTRANSFORM

reverse-route

crypto ipsec transform-set VPNTRANSFORM esp-3des esp-sha-hmac

crypto map CLIENTMAP isakmp authorization list ABC

crypto map CLIENTMAP client configuration address respond

crypto map CLIENTMAP 10 ipsec-isakmp dynamic DYNMAP

Now With These Settings Clients gets connected,  but sometime clients dont Disconnect their Session and shutdown their pc, due to which Seesion is not ended in Router.

when i usse show crypto isakmp peer

Subject User is till Active

and then i use

show ip local pool command

his ip is also in used and as mentioned above in local ip pool i have given him single IP.

So at the same time he tried to connect he fials because his session is still active in router.

and i recieve following error

deleting SA reason "Fail to allocate ip address" state (R) MM_NO_STATE

When i cleir his session he successfully connects.

Please advice

Jawad
0 Helpful

jawad-mukhtar
Level 4
Level 4
In response to jawad-mukhtar

‎02-17-2013 04:18 AM

I want his session should be ended and his ip should be free when he disconnects from remote vpn.

Jawad
0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to jawad-mukhtar

‎02-17-2013 04:21 AM

What version is your router?

0 Helpful

jawad-mukhtar
Level 4
Level 4
In response to Jennifer Halim

‎02-17-2013 07:10 AM

Sorry I Was wrong Above Regarding Router Model

Router Model is

C2621XM-2FE

IOS Version is

c2600-adventerprisek9-mz.124-25d.bin

Jawad
0 Helpful
Customers Also Viewed These Support Documents