Edu_Amores
Explorer

Remote Access VPN license (IPSEC)

Hello,

We are facing some sporadic issues because users cannot connect using the Endpoint Security Client. We are getting this error: You cannot receive an office Mode IP address because the security gateway does not have a license for Office mode

I am checking the cluster licenses in SMS and I can see this: Mobile Access - Active - Quota: 0/110

But when I run the following command, I can see that the maximum number of concurrent users has been 110:

[Expert@ITALFARM-GW1:0]# fw tab -t om_assigned_ips -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost om_assigned_ips 386 107 110 0

So, I am not sure if users are making use of Mobile Access licenses when connecting through Remote Access VPN (IPSEC), and whether I am hitting this limitation and this is the reason why we sometimes get the mentioned error. Can you please help me to clarify this?

Thank you.

7 Replies
_Val_
Admin
Edu_Amores
Explorer

Thanks for the answer. So, are there licenses required which could limit the number of concurrent users connected to RA VPN (IPSEC) using Endpoint Security? If so, how could I check the limit? Thank you very much.

Best Regards.

_Val_
Admin

Please read the link I have given you; it is also answered there.

Edu_Amores
Explorer

Yes, I have read that link but it does not answer all my questions, or at least I am not understanding it in the right way. I have run this command and checked how many connected users I have and the available licenses.

REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 102 (Peak: 110)
Capsule/Endpoint VPN Users : 100 (Peak: 105) using Visitor Mode: 0
Capsule Workspace Users : 0 (Peak: 0)
MAB Portal Users : 0 (Peak: 0)
L2TP Users : 0 (Peak: 0)
SNX Users : 0 (Peak: 0)

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 1000
Endpoint Connect Users : 0
Mobile Access Users : 110
SNX Users :

According to this output, I can see that there are currently 102 assigned OfficeMode IPs (Peak: 110). I can also see that I have 110 Mobile Access licenses, but I am not sure if these 102 sessions are making use of the 110 available Mobile Access licenses. If not, I cannot understand why I am getting this error occasionally (it just happens sometimes):

You cannot receive an office Mode IP address because the security gateway does not have a license for Office mode 

Maybe the answer to my question is in the link you have provided me, but I find it a bit confusing. I just need to know if RA VPN connections with IPSEC consume Mobile Access licenses or not. I think yes, but SMS shows: Quota 0/110 and I do not know if it is a cosmetic bug or if these licenses are not being used. Thanks, and sorry for not being able to understand it easily.

PhoneBoy
Admin

I think what you're seeing is a cosmetic bug.
A screenshot of exactly where you're seeing it would help.

Office Mode IPs require a license (either Endpoint VPN or MAB).
Presumably you're getting the error when you run out of licenses for the concurrent connected users.
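
An added example, not part of the thread and not Check Point code: a shell function that reads a report in the layout posted above and flags when Office Mode usage has reached the licensed seat count. It assumes the seat ceiling is the sum of the `Endpoint Connect Users` and `Mobile Access Users` lines; the function name `om_license_check`, the status strings and the 90% warning threshold are illustrative.

```shell
# Added example (not Check Point code): compare Office Mode usage against
# licensed seats in the report layout posted in this thread.
# Assumption: seat ceiling = Endpoint Connect Users + Mobile Access Users.

# Reads the report on stdin; $1 = warning threshold in percent (default 90).
# Prints "<status> current=<n> peak=<n> limit=<n>".
om_license_check() {
    awk -v warn="${1:-90}" '
    {   # split on the first colon: label on the left, value on the right
        i = index($0, ":")
        if (i == 0) next
        label = substr($0, 1, i - 1)
        value = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", label)
    }
    label == "Assigned OfficeMode IPs" {   # value: " 102 (Peak: 110)"
        current = value + 0
        if (match(value, /Peak:[ \t]*[0-9]+/)) {
            p = substr(value, RSTART, RLENGTH)
            sub(/Peak:[ \t]*/, "", p)
            peak = p + 0
        }
    }
    label == "Endpoint Connect Users" || label == "Mobile Access Users" {
        limit += value + 0
    }
    END {
        if (limit == 0)                         status = "NO_LICENSE_FOUND"
        else if (peak >= limit)                 status = "PEAK_AT_LIMIT"
        else if (current * 100 >= limit * warn) status = "WARN"
        else                                    status = "OK"
        printf "%s current=%d peak=%d limit=%d\n", status, current, peak, limit
    }'
}

# Sample input: lines taken from the report quoted in the thread.
SAMPLE='Assigned OfficeMode IPs : 102 (Peak: 110)
Capsule/Endpoint VPN Users : 100 (Peak: 105) using Visitor Mode: 0
SecuRemote Users : 1000
Endpoint Connect Users : 0
Mobile Access Users : 110
SNX Users :'

printf '%s\n' "$SAMPLE" | om_license_check
```

With the values from the thread, the recorded peak of 110 equals the 110 Mobile Access seats, so the function reports `PEAK_AT_LIMIT`.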
Edu_Amores
Explorer

Yes, here you can check what I am looking at in SMS. Thank you very much for the help.

Best Regards,

PhoneBoy
Admin

Worth a TAC case to fix the cosmetic bug.