
clear ip local pool vpn

michellp
Level 1

I have an issue with IPs not being released from the local pool. Take H_POOL: there are no active VPN sessions using that pool, but the IPs don't get released.

Eventually this leads to the pools getting exhausted.

 

sh ip local pool

 Pool                     Begin           End             Free  In use
A_POOL            192.168.2.1     192.168.2.10      10       0
B_POOL            192.168.2.65    192.168.2.78       4      10
C_POOL            192.168.2.81    192.168.2.94      14       0
D_POOL            192.168.2.97    192.168.2.110     14       0
E_POOL            192.168.2.113   192.168.2.126      8       6
F_POOL            192.168.2.129   192.168.2.142     14       0
G_POOL            192.168.2.161   192.168.2.174     14       0
H_POOL            192.168.2.145   192.168.2.158      9       5

 

How can I release those IPs that are in use?
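Added example (not part of the original post): a Python sketch that parses the "sh ip local pool" table posted above and flags pools holding more addresses than there are live VPN sessions, as well as pools close to exhaustion. The per-pool session counts are an assumption supplied by the operator; only H_POOL's zero comes from the post, the other counts are constructed.

```python
import ipaddress
import re

# Output of "sh ip local pool" as posted in the question above.
SAMPLE = """\
 Pool                     Begin           End             Free  In use
A_POOL            192.168.2.1     192.168.2.10      10       0
B_POOL            192.168.2.65    192.168.2.78       4      10
C_POOL            192.168.2.81    192.168.2.94      14       0
D_POOL            192.168.2.97    192.168.2.110     14       0
E_POOL            192.168.2.113   192.168.2.126      8       6
F_POOL            192.168.2.129   192.168.2.142     14       0
G_POOL            192.168.2.161   192.168.2.174     14       0
H_POOL            192.168.2.145   192.168.2.158      9       5
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\s*(\S+)\s+{IP}\s+{IP}\s+(\d+)\s+(\d+)\s*$")

def parse_pools(text):
    """Return one dict per pool row; header and blank lines are skipped."""
    pools = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        name, begin, end, free, in_use = m.groups()
        size = int(ipaddress.IPv4Address(end)) - int(ipaddress.IPv4Address(begin)) + 1
        pools.append({"name": name, "size": size,
                      "free": int(free), "in_use": int(in_use)})
    return pools

def stuck_addresses(pools, sessions):
    """Pools whose in-use count exceeds the live session count (assumed input)."""
    return {p["name"]: p["in_use"] - sessions.get(p["name"], 0)
            for p in pools if p["in_use"] > sessions.get(p["name"], 0)}

def near_exhaustion(pools, threshold=0.7):
    """Pools where at least `threshold` of the range is allocated."""
    return [p["name"] for p in pools if p["in_use"] / p["size"] >= threshold]

if __name__ == "__main__":
    pools = parse_pools(SAMPLE)
    # H_POOL = 0 is from the post; the B_POOL and E_POOL counts are constructed.
    sessions = {"B_POOL": 10, "E_POOL": 6, "H_POOL": 0}
    print("stuck:", stuck_addresses(pools, sessions))
    print("near exhaustion:", near_exhaustion(pools))
```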

10 Replies

michellp
Level 1

Anyone?!

Chad W
Level 1

Is this on an ASA? Did you change the DHCPD lease time? Should be 3600 seconds by default. If this was set to 0 it would never let them go.

Nope, this is on a router. And as it seems there are a couple of addresses that simply do not get released. As far as all the info goes that I can find on this subject, the only thing I can do is reload the router, which is why I posted this, to see if there are any alternatives to release those IPs.

Also when I do a 'sh cry isa peers' I see way more peers than there are actually active as opposed to 'sh cry isa sa'.

The command is clear ip dhcp binding * to clear all leased IPs, or clear ip dhcp binding <address> to clear a specific IP.

--

Please remember to select a correct answer and rate helpful posts


Hi Marius,

Thanks for the reply, however this is not a DHCP lease. These are addresses from a configured local pool that get assigned to the remote VPN clients. This is not done by the DHCP protocol. It probably works in a similar way, but it's not DHCP. There is no DHCP server configuration on this router.

As you can see, the DHCP database is empty:

sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name

 

I am a little uncertain about releasing the IPs manually, but you could configure the pool to "recycle" the IPs after a given time period:

ip local pool POOL 1.1.1.1 1.1.1.5 recycle delay 43200

The above command would make the IPs available again after 12 hours.


Hi Marius,

Thanks again for your reply. Unfortunately this command is not supported by the IOS. Maybe in newer versions?!

It looks like the command is supported from IOS Release 12.4(15)T and later.

What version are you running?


Version 12.4(9)T7 unfortunately.

I am uncertain if it will work for RA VPNs, but have you tried clear crypto session? Leaving the command as is will clear all tunnels, but you can specify remote IP, local IP, etc.
