Pix 605. Two questions:

I have a small reserved set of addresses set in the PIX for a few people who use IPSEC VPN. At least one of the users keeps disconnecting. I believe what is happening is that the user is just closing the VPN client software and not disconnecting first. The big issue with this is that even though the sessions appear to close properly, the IP address is not returned as free to the pool. This is keeping other users from being able to VPN in because the pool has been exhausted. The only way that I've figured out to free these addresses is to do a reload on the PIX. Is there some command I can use to expire the lease on an address immediately?

Example: Pool is set as 10.10.10.64-10.10.10.70

Four clients log in, getting assigned .64, .65, .66, and .67 in order of connection. .65 connection is lost in whatever weird way that's happening. The client reconnects, but is assigned .68. He loses conn again, reconnects, and is assigned .69. Two different clients now attempt to log in, the first is assigned .70 and the second cannot get an address because .65 and .68 are "locked" and not returned to the pool for use.

Also, which of the many timeouts control the lease time for a VPN pool? I have the following in the config that might be relevant:

Arp timeout 14400
Timeout xlate 1:00:00
Timeout conn 1:00:00
Half-closed 0:10:00
Isakmp policy lifetime 28800
Vpngroup idle-time 2400
Vpngroup max-time 14400
Dhcpd lease 3600
Dhcpd ping_timeout 750

Thanks,
Scott Klassen
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/