cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
383
Views
5
Helpful
3
Replies
Highlighted
Beginner

VPN Site to Site on ASA 9.6.2: Access hours restrictions in effect

Hi,

after an upgrade starting from ASA version 9.6.1 to 9.6.2, on reboot, the site-to-site tunnel does not come back!   X_X

During the negotiation passes a message that provides an idea of the reason even if not understandable, as with the previous version was UP without problems:

Group = ip.ip.ip.ip, IP = ip.ip.ip.ip, L2L Authorization Failed - check your group-policy.
AAA unable to complete the request Error : reason = Access hours restrictions in effect : user = ip.ip.ip.ip

Why? I have not set any restrictions, what did this version update? I also tried to remove the tunnels from the configuration, restoring the same as usual but the problem persists!

Does anyone have an idea on what to do?

Thanks,
Arturo.

3 REPLIES 3
Highlighted

Try performing a "show

Try performing a "show running all" and look at the group-policy DfltGrpPolicy attributes.

Also look at the tunnel-group DefaultL2LGroup general-attributes and check if it refers to a different group-policy.

Last, check at your specific tunnel-groups and check if they refer to a different group-policy.

Highlighted
Beginner

Hi Massimo,

Hi Massimo,

ASDM does not show me the hourly limitations in L2 tunnel, however, yes there is a limit in DflGrpPolicy (It has always been there); this night I try it this way, let's see if I can leave everything else...

group-policy GroupPolicy_ip.ip.ip.ip attributes
        vpn-access-hours none
      exit

Meanwhile, thank you for putting me on the right track!

73,

Arturo.

Highlighted

Nice to know you are going to

Nice to know you are going to solve your problems.

All in all we both belong to the "beautiful country" :-)