Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Iron

How many tunnel for one user ?

Hi everybody

I have an issue like this:

My VPN pool is 192.168.250.0/24

When i try to use Endpoint VPN to connect, the message is appear:

"Connection Failed: You cannot receive an Office Mode IP address at this time. Try to connect again. If the problem persists, contact your administrator.

I checked on Smartview Monitor, the concurrent users are 168, but the Log in Smartview Tracker is IP Pool full

Could anyone explain it to me ?

Thank you so much

Regards

0 Kudos
4 Replies
Highlighted
Sapphire

Endpoint RA VPN does not use the concurrent MAB users, but the EP VPN seats !

sk39034 To see the number of currently connected Remote Access users, run this command (in Expert mode) on the VPN Security Gateway:

[Expert@HostName]# fw tab -t userc_users -s

sk14496 To see the username of each "connected" remote access user (in the last 15 minutes), run this command (in Expert mode) on VPN Security Gateway:

[Expert@HostName]# fw tab -t userc_rules -f

You can check the Office Mode state using the following:

sk43883 - What is the difference between marcipan_ippool_users and om_assigned_ips :

The marcipan table lists the office mode ip address. So if you type in the cmd

  1. fw tab -t marcipan_ippool_users -f

This will show the list in readable format.

The om_assigned_ips deals with the office mode ip address tied with the user name. Type the tab cmd with the -f switch.

  1. fw tab -t om_assigned_ips -f

sk36036 - to determine # of SNX users (# of individuals using office mode) on GW issue :

fw tab -t sslt_om_ip_params -s

You can also run the following command on the gateway, in order to see the number of OM IPs which are currently assigned by the gateway:

  1. fw tab -t om_assigned_ips -s

HOST NAME ID #VALS #PEAK #SLINKS localhost om_assigned_ips 372 1 1 0

The above output (#VALS=1 ) means currently one client is assigned an OM IP. This includes SNX users with OM IPs as well, who take up from a different license (SSL). In order to find out how many there are of those and subtract them to leave only IPsec VPN clients (i.e. SecureClient, Endpoint Security VPN, Endpoint Connect), check the following table:

  1. fw tab -t sslt_om_ip_params -s

HOST NAME ID #VALS #PEAK #SLINKS localhost sslt_om_ip_params 372 1 1 0

Highlighted
Iron

It's very usefull. Thank you so much

But my question is still unresolved

Because in Smartview Monitor, i saw the Remote User Tunnel is 166 and i cannot connect to VPN because IP pool full

The IP Pool is 192.168.150.0/24, and it should be assign for 254 user, right ?

Regards

0 Kudos
Highlighted
Admin
Admin

If you’re not licensed for that many users, definitely not.
In any case, if you can provide (possibly redacted) output of the above commands, it might help us see what’s happening.
0 Kudos
Highlighted

I have the same issue with them, currently, I have 760 plus users are already connected but other users are unable to connect and currently impacting their production. May i know the maximum users that can connect through the VPN? is there any command that i can use to check ?

0 Kudos