[c-nsp] WebVPN Issue

Antonio Soares amsoares at netcabo.pt
Wed Feb 10 12:24:12 EST 2010


Yes, it works fine with local pool. In this case, the AC client gets a message saying "no address assigned".

I was able to reproduce the problem in the meanwhile. It makes sense that the 2nd user is not able to establish the session but it
doesn't make sense that the 1st loses his connection.

This seems a bug to me.

Thanks.

Regards,
 
Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt

-----Original Message-----
From: Roman Rodichev [mailto:romangs at iementor.com] 
Sent: Wednesday, 10 February 2010 17:03
To: Antonio Soares
Cc: Farrukh Haroon; <cisco-nsp at puck.nether.net>; Cisco certification
Subject: Re: WebVPN Issue

So that might be the problem. How can you assign a different IP from
RADIUS for concurrent logins?

It should work with local pool

Sent from my iPhone

On Feb 10, 2010, at 10:14 AM, "Antonio Soares" <amsoares at netcabo.pt> wrote:

> Thank you both for your inputs. I still cannot share the config
> since I saw this in a production network and I'm still trying to
> reproduce it in the lab.
>
> But the "debug ip routing" says it all:
>
> 1) When user X connects, he gets ip=10.10.10.166
>
> RT(VRF_X): updating static 10.10.10.166/32 (0x1) via 0.0.0.0 SS1
> RT(VRF_X): add 10.10.10.166/32 via 0.0.0.0, static metric [0/0]
>
> 2) When another user tries the connection with the same user X:
>
> RT(VRF_X): del 10.10.10.166 via 0.0.0.0, static metric [0/0]
> RT(VRF_X): delete subnet route to 10.10.10.166/32
> RT(VRF_X): updating static 10.10.10.166/32 (0x1) via 0.0.0.0 SS1
> RT(VRF_X): add 10.10.10.166/32 via 0.0.0.0, static metric [0/0]
> RT(VRF_X): del 10.10.10.166 via 0.0.0.0, static metric [0/0]
> RT(VRF_X): delete subnet route to 10.10.10.166/32
>
> So the router deletes the route, adds it and removes it again. This
> explains the loss of connectivity.
>
> We have radius authentication and the radius server assigns a
> pre-defined ip to each user. So when the radius server sends the same
> ip, it seems the router gets confused.
>
>
> Thanks.
>
> Regards,
>
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoares at netcabo.pt
>
> -----Original Message-----
> From: nobody at groupstudy.com [mailto:nobody at groupstudy.com] On Behalf Of Farrukh Haroon
> Sent: Wednesday, 10 February 2010 6:27
> To: Antonio Soares
> Cc: cisco-nsp at puck.nether.net; Cisco certification
> Subject: Re: WebVPN Issue
>
> No it works fine for multiple users, we have it running. If you can post the
> sanitized config, I can have a look.
>
> Also check your 'show tcp brief' output to see if you have any stale
> connections there. We faced a similar issue, and putting 'service
> tcp-keepalives-in' fixed the issue (you may put 'out' as well).
>
> We are running 12.4(15)Tx though.
>
> Regards
>
> Farrukh
>
>
>
> On Wed, Feb 10, 2010 at 4:55 AM, Antonio Soares <amsoares at netcabo.pt> wrote:
>
>> Hello group,
>>
>> I'm facing a strange issue with IOS Based WebVPN: when user X is connected
>> and then another user uses the same user X, the second
>> user is not able to connect but the first user loses connectivity. I have
>> this with IOS 12.4.24T and AC 2.3.2016 running on a 2821.
>> This is not expected behavior, right ?
>>
>>
>> Thanks.
>>
>> Regards,
>>
>> Antonio Soares, CCIE #18473 (R&S/SP)
>> amsoares at netcabo.pt
>
>
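
The delete/add/delete sequence in the quoted "debug ip routing" output can be picked out mechanically. The following Python is an added example, not written by anyone in the thread: it replays the debug lines quoted above and reports /32 host routes that were withdrawn and reinstalled, and whether each is still installed at the end. The function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# "debug ip routing" lines quoted in the thread, steps 1 and 2 in order.
FIRST_LOGIN = """\
RT(VRF_X): updating static 10.10.10.166/32 (0x1) via 0.0.0.0 SS1
RT(VRF_X): add 10.10.10.166/32 via 0.0.0.0, static metric [0/0]
"""
SECOND_LOGIN = """\
RT(VRF_X): del 10.10.10.166 via 0.0.0.0, static metric [0/0]
RT(VRF_X): delete subnet route to 10.10.10.166/32
RT(VRF_X): updating static 10.10.10.166/32 (0x1) via 0.0.0.0 SS1
RT(VRF_X): add 10.10.10.166/32 via 0.0.0.0, static metric [0/0]
RT(VRF_X): del 10.10.10.166 via 0.0.0.0, static metric [0/0]
RT(VRF_X): delete subnet route to 10.10.10.166/32
"""

# Only "add" and "del" events are matched; the "updating static" and
# "delete subnet route" lines describe the same events and are skipped.
EVENT = re.compile(r"RT\((?P<vrf>[^)]+)\): (?P<op>add|del) "
                   r"(?P<ip>\d+\.\d+\.\d+\.\d+)(?:/(?P<len>\d+))?")

def host_route_history(log):
    """Return {(vrf, ip): ["add", "del", ...]} for /32 routes seen in the log."""
    history = defaultdict(list)
    for line in log.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        key = (m["vrf"], m["ip"])
        if m["op"] == "add" and m["len"] == "32":
            history[key].append("add")
        elif m["op"] == "del" and key in history:
            # "del" lines carry no mask here, so only count deletions of an
            # address already seen installed as a /32.
            history[key].append("del")
    return dict(history)

def find_flaps(log):
    """Report host routes that were deleted and then added again."""
    findings = []
    for (vrf, ip), ops in host_route_history(log).items():
        readds = sum(1 for a, b in zip(ops, ops[1:]) if (a, b) == ("del", "add"))
        if readds:
            findings.append({"vrf": vrf, "ip": ip, "readds": readds,
                             "installed": ops[-1] == "add"})
    return findings

if __name__ == "__main__":
    for finding in find_flaps(FIRST_LOGIN + SECOND_LOGIN):
        print(finding)
```

A finding with `installed` set to false matches what the thread describes: after the second login attempt the address has no host route left, so the first session loses connectivity.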
