05-31-2022 06:22 AM
Hello,
we configured a DHCP pool to attribute @ip to users on one of our ASA Appliance by adding these lines for the group-policy groupXX for example :
group-policy groupXX attributes
dns-server value X.X.X.X. X.X.X.X.
dhcp-network-scope X.X.X.X
default-domain value X
First we put 1% of the flow on this appliance. It worked correctly.
After a few days, we increased to 5%.
Then it worked for one day and stopped suddenly to work. No more DHCP @ip were attributed to users
In the ASA logs, we can see these kinds of messages :
Group = ProfilNomade, Username = X - XXXXX, IP = X.X.X.X, Session disconnected. Session Type: AnyConnect-Parent, Duration: 1h:01m:55s, Bytes xmt: 25871289, Bytes rcv: 16944255, Reason: Assigned address lease expired
TunnelGroup <ProfilXX> GroupPolicy <groupXX> User < X X - X> IP <X.X.X.X.> No address available for SVC connection
The DHCP pool was not full. We don't understand what happened and didn't find the root cause of this issue.
Could you help, please?
FP-4145, version 9.14(2)15
Thank you,
05-31-2022 06:36 AM
Can you post full log for the user connecting and failing :
try some debug :
debug dhcpd event
debug dhcprelay event
or try some delay :
05-31-2022 11:37 AM
show vpn-sessiondb
check the active any connect number
it can equal to IP address in Pool.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide