vpn-framed-ip-address issue

suthakar sundaralingam · ‎07-12-2012

Hi Guys,

I'm using a cisco 5510 ASA at the headoffice to provide the VPN (remote access vpn) connectivity to the branch offices.

My local network is - 192.168.30.0 /24 and I've used a part of same segment for the vpn_pool as well ( i.e 192.168.30.152 -192.168.30.199). Further I'm using the vpn-framed-ip-address feature to allocate an unique ip address for each branch office when it connects.

My problem is, though this setup worked fine at the begining, now sometimes when the vpn connections are established from remote branches, they take different ip addresses from the allocated vpn pool, rather than the specific ip address which is mentioned under the vpn-framed-ip-address command.

Can anyone assist me with this issue?

Regards,

Suthakar

Javier Portuguez · ‎07-17-2012

Greetings,

Are you using the LOCAL database of the ASA?

What kind of devices are these branch offices?

What do debugs tell you?

debug aaa common 255

Thanks.

suthakar sundaralingam · ‎07-22-2012

Hi Javier,

Well I'm using the local database of the ASA.

Since we are using remote access VPN, the branch office clinet's connects via "cisco vpn client"

To be honest I'ven't tried out the debug commands yet since we are running this device in production network.

but i would be able to get a downtime and try out the debug commands

Regards,

Suthakar

Javier Portuguez · ‎07-25-2012

Hi Suthakar,

Please keep me posted.

Thanks.

suthakar sundaralingam · ‎07-31-2012

Hi Javier,

I think I have found out a solution for this problem.

I've removed the ip vpn pool and its reference under tunnel group general-attributes

ip local pool vpn_pool x.x.x.x - x.x.x.x

tunnel-group x.x.x.x general-attributes

address-pool vpn_pool

since there is no ip-pool, now the remote client's are getting the exact individual ip addresses allocated for them with the vpn-framed-ip-address command.

Thank you for your support.

Regards,

Suthakar