cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8986
Views
0
Helpful
4
Replies

"ip local pool" lease time

Hi guys

We are using to Cisco ASAs with Version: 9.4(2)11 for our Client VPN.

I have got configured the ip local "ip local pool mmag-cvpn-ch-1 172.23.97.1-172.23.97.254 mask 255.255.255.0"

Our actual Problem is, that the lease time is to short for our dns Server.

When our Support Team tries to remote view a device, it maybe connect to a device which has already received the new ip address.

Does someone know how to set this timeout?

I made some googling for this issue and only find configuration commands for the dhcp Server like "dhcpd lease time" does anyone know if this also relates to the "ip local pool"

Thanks

Thomas

4 Replies 4

Dina Odeh
Level 1
Level 1

Hi Thomas, 

Your issue is not clear to me. What is your issue with the lease time ? 

If you configure a POOL for VPN users then the user will assign an IP address from the POOL once he is connected and he will release that IP once he disconnect. 

What do you mean by "

Our actual Problem is, that the lease time is to short for our dns Server." I think you are talking about DHCP server not DNS, right ? 

Hi Dina

ok sorry for confusing you.

Our Problem is, that the Clients will get their IP addresses from the Cisco ASA's IP pool and then Register theirselves ou our DNS Server.

Because the Cisco ASA does have a very short lease time, a Client ip address will not be reserved for about 4 or 8 days.

The IP Address will be distributed to Client B after Client A has disconnected from VPN.

I would know to increase the Leas Duration to about 8 days.

Best regards
Thomas

Hi, 

As you said, when VPN user disconnect, he will release his assigned IP and a new VPN user will take that IP address. You can assign a static IP address for the VPN user once he connect. For example, we can say: user "ABC" will always take IP address "172.16.1.1" 

If you have LOCAL users, you can play with the attribute "vpn-framed-ip-address" like: 

username dina attributes
vpn-framed-ip-address 172.16.1.1 255.255.255.0

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/109639-asa-vpn-static-asdm-config.html

 

mbilgrav
Level 3
Level 3
FW-1/pri/actNoFailover(config)# vpn-addr-assign local reuse-delay ?

configure mode commands/options:
<0-480> IP address reuse delay in minutes
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: