[c-nsp] WebVPN Issue

Antonio Soares amsoares at netcabo.pt
Wed Feb 10 11:14:37 EST 2010


Thank you both for your inputs. I still cannot share the config since I saw this in a production network and I'm still trying to
reproduce it in the lab.

But the "debug ip routing" says it all:

1) When user X connects, he gets ip=10.10.10.166

RT(VRF_X): updating static 10.10.10.166/32 (0x1) via 0.0.0.0 SS1
RT(VRF_X): add 10.10.10.166/32 via 0.0.0.0, static metric [0/0]

2) When another user tries the connection with the same user X:

RT(VRF_X): del 10.10.10.166 via 0.0.0.0, static metric [0/0]
RT(VRF_X): delete subnet route to 10.10.10.166/32
RT(VRF_X): updating static 10.10.10.166/32 (0x1) via 0.0.0.0 SS1
RT(VRF_X): add 10.10.10.166/32 via 0.0.0.0, static metric [0/0]
RT(VRF_X): del 10.10.10.166 via 0.0.0.0, static metric [0/0]
RT(VRF_X): delete subnet route to 10.10.10.166/32

So the router deletes the route, adds it and removes it again. This explains the loss of connectivity.

We have RADIUS authentication and the RADIUS server assigns a pre-defined IP to each user. So when the RADIUS server sends the same
IP, it seems the router gets confused.


Thanks.

Regards,
 
Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt

-----Original Message-----
From: nobody at groupstudy.com [mailto:nobody at groupstudy.com] On Behalf Of Farrukh Haroon
Sent: Wednesday, February 10, 2010 6:27
To: Antonio Soares
Cc: cisco-nsp at puck.nether.net; Cisco certification
Subject: Re: WebVPN Issue

No it works fine for multiple users, we have it running. If you can post the
sanitized config, I can have a look.

Also check your 'show tcp brief' output to see if you have any stale
connections there. We faced a similar issue, and putting 'service
tcp-keepalives-in' fixed the issue (you may put 'out' as well).

We are running 12.4(15)Tx though.

Regards

Farrukh



On Wed, Feb 10, 2010 at 4:55 AM, Antonio Soares <amsoares at netcabo.pt> wrote:

> Hello group,
>
> I'm facing a strange issue with IOS Based WebVPN: when user X is connected
> and then another user uses the same user X, the second
> user is not able to connect but the first user loses connectivity. I have
> this with IOS 12.4.24T and AC 2.3.2016 running on a 2821.
> This is not expected behavior, right?
>
>
> Thanks.
>
> Regards,
>
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoares at netcabo.pt
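
Added example, not part of the original thread: a small Python check that scans "debug ip routing" output like the lines quoted above and flags a host route that is deleted, re-added and deleted again, the pattern seen when a second login reuses the same RADIUS-assigned address. The function names and the flap rule (del, add, del for one VRF and address) are assumptions made for this illustration; the sample input is built from the debug lines in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: the "debug ip routing" lines quoted in the thread, in order.
SAMPLE = """\
RT(VRF_X): updating static 10.10.10.166/32 (0x1) via 0.0.0.0 SS1
RT(VRF_X): add 10.10.10.166/32 via 0.0.0.0, static metric [0/0]
RT(VRF_X): del 10.10.10.166 via 0.0.0.0, static metric [0/0]
RT(VRF_X): delete subnet route to 10.10.10.166/32
RT(VRF_X): updating static 10.10.10.166/32 (0x1) via 0.0.0.0 SS1
RT(VRF_X): add 10.10.10.166/32 via 0.0.0.0, static metric [0/0]
RT(VRF_X): del 10.10.10.166 via 0.0.0.0, static metric [0/0]
RT(VRF_X): delete subnet route to 10.10.10.166/32
"""

# Only "add" and "del" lines change the table. "updating static" and
# "delete subnet route" lines are skipped. The mask is optional because the
# "del" lines in the thread print the address without "/32".
EVENT = re.compile(
    r"^RT\((?P<vrf>[^)]+)\): (?P<op>add|del) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+)(?:/\d+)? via "
)

def route_events(text):
    """Map (vrf, address) to the ordered list of add/del operations seen."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            events[(m["vrf"], m["ip"])].append(m["op"])
    return dict(events)

def find_flaps(text):
    """Flag addresses whose route was deleted, re-added, then deleted again.

    Assumption for this example: a plain reconnect (add, del, add) is normal,
    while del -> add -> del suggests two sessions fighting over one address.
    """
    findings = []
    for (vrf, ip), ops in route_events(text).items():
        seq = "".join("A" if op == "add" else "D" for op in ops)
        if "DAD" in seq:
            findings.append({"vrf": vrf, "ip": ip, "ops": ops,
                             "installed": ops[-1] == "add"})
    return findings

if __name__ == "__main__":
    for f in find_flaps(SAMPLE):
        print(f"{f['vrf']} {f['ip']}: {' -> '.join(f['ops'])} (installed={f['installed']})")
```
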



