Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
911
Views
5
Helpful
3
Replies

VPN Site to Site on ASA 9.6.2: Access hours restrictions in effect

Arturo Bianchi
Level 1
Level 1

‎10-26-2016 03:23 PM

Hi,

after an upgrade starting from ASA version 9.6.1 to 9.6.2, on reboot, the site-to-site tunnel does not come back!   X_X

During the negotiation passes a message that provides an idea of the reason even if not understandable, as with the previous version was UP without problems:

Group = ip.ip.ip.ip, IP = ip.ip.ip.ip, L2L Authorization Failed - check your group-policy.
AAA unable to complete the request Error : reason = Access hours restrictions in effect : user = ip.ip.ip.ip

Why? I have not set any restrictions, what did this version update? I also tried to remove the tunnels from the configuration, restoring the same as usual but the problem persists!

Does anyone have an idea on what to do?

Thanks,
Arturo.

Labels:
0 Helpful
3 Replies 3

Massimo Baschieri
Level 3
Level 3

‎10-26-2016 10:54 PM

Try performing a "show running all" and look at the group-policy DfltGrpPolicy attributes.

Also look at the tunnel-group DefaultL2LGroup general-attributes and check if it refers to a different group-policy.

Last, check at your specific tunnel-groups and check if they refer to a different group-policy.

Arturo Bianchi
Level 1
Level 1
In response to Massimo Baschieri

‎10-27-2016 12:03 AM

Hi Massimo,

ASDM does not show me the hourly limitations in L2 tunnel, however, yes there is a limit in DflGrpPolicy (It has always been there); this night I try it this way, let's see if I can leave everything else...

group-policy GroupPolicy_ip.ip.ip.ip attributes
        vpn-access-hours none
      exit

Meanwhile, thank you for putting me on the right track!

73,

Arturo.

0 Helpful

Massimo Baschieri
Level 3
Level 3
In response to Arturo Bianchi

‎10-27-2016 12:31 AM

Nice to know you are going to solve your problems.

All in all we both belong to the "beautiful country" :-)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents