Hi everyone,

I have a problem on a Cisco ASA5520 version 8.2(5).

A customer has set up a syslog to keep tracks of tcp sessions made by vpn users.

On the syslog we filter %ASA-6-302013 and %ASA-6-302014 log messages, respectively: Built inbound TCP connection and Teardown TCP connection.

When the connection is made by a vpn user, at the end of the log line you see the vpn username which should be the same in both the messages for the same connection.

I have verified that when a user, let's say UserA, disconnects from the vpn, their tcp sessions are not properly closed;

if another user, let's say UserB, establish a VPN immeditaely after and gets the same IP address previously assigned to UserA, the log sessions are recored with UserA in the %ASA-6-302013 message and UserB in the %ASA-6-302014 message.

I presume this is due to the fact the tcp sessions are not tore down when the first user disconnects and it looks like a bug to me but I didn't find it referenced anywhere.

Can anyone help me with this problem?

Is there a way to have all tcp session tore down when a user disconnects the VPN connection?

Thank you in advance.

Valerio Galantini