Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

Remote Access VPN license (IPSEC)

Hello,

We are facing some sporadic issues because users cannot connect through using the Endpoint Security Client. We are getting this error: You cannot receive an office Mode IP address because the security gateway does not have a license for Office mode

I am checking the CLuster licenses in SMS and I can see this: Mobile Access - Active - Quota: 0/110

But when I am running the following command, I can see that the maximun number of concurrent users has been 110:

[Expert@ITALFARM-GW1:0]# fw tab -t om_assigned_ips -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost om_assigned_ips 386 107 110 0

So, I am not sure if users are making use of Mobile Access licenses when connecting through Remote Access VPN (IPSEC) and I am having this limitation and this is the reason because we get the mentioned error sometimes. Can you please help me to clarify this?

Thank you.

0 Kudos
Reply
7 Replies
Highlighted
Admin
Admin

0 Kudos
Reply
Highlighted
Explorer

Thanks for the answer. So, Are there licenses required which could limit the amount of concurrent users connected RA VPN (IPSEC) using Enpoint Security? If exists, how coul I check the limit? Thank you very much.

Best Regards.

0 Kudos
Reply
Highlighted
Admin
Admin

Please read via the link I have given you, it is also answered there

0 Kudos
Reply
Highlighted
Explorer

Yes, I have read that link but it does not answer all my questions, or at least I am not understanding it in the right way. I have ran this command and check how many connected users I have and avaialble licenses.

 

REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 102 (Peak: 110)
Capsule/Endpoint VPN Users : 100 (Peak: 105) using Visitor Mode: 0
Capsule Workspace Users : 0 (Peak: 0)
MAB Portal Users : 0 (Peak: 0)
L2TP Users : 0 (Peak: 0)
SNX Users : 0 (Peak: 0)

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 1000
Endpoint Connect Users : 0
Mobile Access Users : 110
SNX Users :

 

According to this output, I can see that there are currently 102 assigned OfficeMode IPs (Peak:110). I also can see that I have 110 Mobile Access licenses but I am not sure if these 102 sessions are making use of 110 available Mobile Access licenses. If not, I cannot understand why I am getting this error eventually (it just happens sometimes): 

You cannot receive an office Mode IP address because the security gateway does not have a license for Office mode 

Maybe the answer for my question is in the link you have provided me but I find it a bit confused. I just need to know if RA VPN connection with IPSEC, consume Mobile Access licenses or not. I think yes but SMS shows: Quota 0/110 and I do not if it is an cosmetic bug or if these licenses are not being used. Thanks and sorry not being able to understand it easily.

0 Kudos
Reply
Highlighted
Admin
Admin

I think what you're seeing is a cosmetic bug.
A screenshot of exactly where you're seeing it would help.

Office Mode IPs require a license (either Endpoint VPN or MAB).
Presumably you're getting the error when you run out of licenses for the concurrent connected users.
0 Kudos
Reply
Highlighted
Explorer

Yes, here you can check what I am looking in SMS. Thank you very much for the help.

Best Regards,

0 Kudos
Reply
Highlighted
Admin
Admin

Worth a TAC case to fix the cosmetic bug.
0 Kudos
Reply