Modification to a pool addresses for vpn anyconnect

schnap · ‎08-27-2013

Hi,

I f I need to modify a pool for vpn anyconnect.

IS all users that are currently connected when I push the modification on the ASA will continue to work or they will be disconnected.

Thanks,

Marvin Rhoads · ‎08-27-2013

Existing active sessions should not be affected by modifying a pool.

If you modify something like application of IPSec to an interface, that will cause problems.

schnap · ‎09-03-2013

I did the change but all existing session were disconnect.

So Marvin you was wrong.

Thanks,

Richard Burts · ‎09-03-2013

My first reaction was similar to Marvin that if you modify a pool that it should not affect existing sessions. But then I realized that we should be a bit more cautious in answering and should determine the nature of the modification that you were planning to do. If the modification was to delete the existing addresses in the pool and to define the pool with a different address range, then I can see how any existing sessions would be dropped if their address was no longer defined as a client address on the VPN device.

HTH

Rick

HTH

Rick

richardblair · ‎09-03-2013

True. We should always ask how the change was being made. I would have thought adding to a pool would not cause existing connections to have a problem, but replacing the addresses and possibly make NAT changes and route changes associated with it could cause issues.

Marvin Rhoads · ‎09-03-2013

Yes, Rick and Richard are right to clarify and qualify the answer. We should always explicitly state our assumptions.

My apologies for not doing so.