cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
505
Views
5
Helpful
2
Replies

IP address assignment not working

jds5
Level 1
Level 1

Hello,


we configured a DHCP pool to attribute @ip to users on one of our ASA Appliance by adding these lines for the group-policy groupXX for example :

group-policy groupXX attributes
dns-server value X.X.X.X. X.X.X.X.
dhcp-network-scope X.X.X.X
default-domain value X

First we put 1% of the flow on this appliance. It worked correctly.
After a few days, we increased to 5%.
Then it worked for one day and stopped suddenly to work. No more DHCP @ip were attributed to users

In the ASA logs, we can see these kinds of messages :
Group = ProfilNomade, Username = X - XXXXX, IP = X.X.X.X, Session disconnected. Session Type: AnyConnect-Parent, Duration: 1h:01m:55s, Bytes xmt: 25871289, Bytes rcv: 16944255, Reason: Assigned address lease expired
TunnelGroup <ProfilXX> GroupPolicy <groupXX> User < X X - X> IP <X.X.X.X.> No address available for SVC connection

The DHCP pool was not full. We don't understand what happened and didn't find the root cause of this issue.
Could you help, please?

FP-4145, version 9.14(2)15

 

Thank you,

 

2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

Can you post full log for the user  connecting and failing :

 

try some debug :

 

debug dhcpd event

debug dhcprelay event

 

or try some delay :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/vpn/asa-94-vpn-config/vpn-addresses.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

show vpn-sessiondb

check the active any connect number 
it can equal to IP address in Pool.