03/26/2020 5 10317
EX SSL-VPN: AVPSD coring resulting in appliance outage when we use Assigned Radius fixed IP on the radius server for each user
AVPSD coring resulting in appliance outage when we use Assigned Radius Pool on the radius server
Users were unable to connect to WorkPlace or Connect Tunnel, and I noticed a web proxy and WorkPlace service outage. There were 3 AVPSD cores every day, and when the appliance started coring even policyserver would also die, hence we could see an appliance outage. I went through the configuration and found they are using a Radius server assigned pool, not the static one, and 8 subnet range resources are created and associated with ACLs for users.
The customer configured the Radius server to assign a static IP to each user, and on the client side they are using the Connect Tunnel service. Whenever CTS disconnects and tries to reconnect, it was unable to be assigned the same IP address since policyserver was not releasing the session and team ID, so we have this issue.
***************snippet of access_servers.log***********************
[23/Jul/2009:11:07:35.629324 +0700] node1 001311 ps 00000000 Error System All 256 threads blocked and pool could not be grown, stack traces will be dumped every 60 seconds.
[23/Jul/2009:11:07:35.729361 +0700] node1 001311 ps 00000000 Error System All 256 threads blocked and pool could not be grown, stack traces will be dumped every 60 seconds.
[22/Jul/2009:09:18:01.581373 +0700] node1 001311 ps 401000a3 Warning CSACL Conn: Maximum number of threads (50) allowed to ask for Client Address Resolutions has been reached, Policy Server is protecting itself by not making additional requests until theads in this state are reduced, Rule matches against Client Address Pools will fail until this situation clears.
[14/Sep/2009:09:49:31.116118 +0700] node1 000000 kt 00000000 Info Session Src='172.16.254.20:14110' Auth='-' User='(user)@(realm)' SocksVersion='0x101' Command='Flow:UDP' Dest='172.16.7.18:14110' Error='0' SrcBytes='0' DstBytes='0' Duration='151' VirtualHost='-' EquipmentId='-'
[14/Sep/2009:09:49:31.116126 +0700] node1 000000 kt 00000000 Info Session Src='172.16.254.20:1049' Auth='-' User='(user)@(realm)' SocksVersion='0x101' Command='Flow:TCP' Dest='172.16.254.5:14220' Error='0' SrcBytes='1200' DstBytes='6857' Duration='165' VirtualHost='-' EquipmentId='-'
[14/Sep/2009:09:49:31.116289 +0700] node1 014864 up 00000001 Error System AddressManagerOwner found duplicate tunnel address 172.16.254.20, pool should have handled this. Consider checking for address overlaps between pools or duplicate client GUIDs.
[14/Sep/2009:09:49:31.116370 +0700] node1 014864 up 00000001 Error System ReleaseAddress Can't find address 172.16.254.20 in any pool
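To check an access_servers.log for the signatures in the snippet above, this added example (not vendor code, not part of the original article) re-joins wrapped lines and counts the thread-exhaustion and address-pool errors per tunnel address. The regex field names and the signature labels are assumptions inferred from the snippet's layout; the sample lines are copied from the snippet, wrapping included.

```python
import re
from collections import Counter, defaultdict

# Field names are assumptions inferred from the layout of the log snippet.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<node>\S+) (?P<pid>\d+) (?P<svc>\S+) "
                  r"(?P<code>[0-9a-f]{8}) (?P<level>\S+) (?P<cat>\S+) (?P<msg>.*)$")
IP = r"(?P<ip>\d+(?:\.\d+){3})"
SIGNATURES = {  # labels are hypothetical; message text is from the snippet
    "threads_blocked": re.compile(r"All \d+ threads blocked and pool could not be grown"),
    "address_resolution_limit": re.compile(
        r"Maximum number of threads \(\d+\) allowed to ask for Client Address Resolutions"),
    "duplicate_tunnel_address": re.compile(r"found duplicate tunnel address " + IP),
    "release_failed": re.compile(r"ReleaseAddress Can't find address " + IP),
}

def join_wrapped(lines):
    """Re-attach continuation lines (no leading '[') to the previous record."""
    records = []
    for raw in lines:
        raw = raw.rstrip("\n")
        if raw.startswith("[") or not records:
            records.append(raw)
        else:
            records[-1] += raw  # wraps in the snippet fall mid-word, so no space
    return records

def scan(lines):
    """Return (signature counts, {tunnel address: set of signatures seen})."""
    counts, addresses = Counter(), defaultdict(set)
    for rec in join_wrapped(lines):
        m = LINE.match(rec)
        if not m or m["level"] not in ("Error", "Warning"):
            continue  # skip Info session records and unparseable lines
        for name, sig in SIGNATURES.items():
            hit = sig.search(m["msg"])
            if hit:
                counts[name] += 1
                if "ip" in hit.groupdict():
                    addresses[hit["ip"]].add(name)
    return counts, dict(addresses)

SAMPLE = """\
[23/Jul/2009:11:07:35.629324 +0700] node1 001311 ps 00000000 Error System All 256 threads blocked and pool could not be grown, stack traces will be dumped every 60 seconds.
[14/Sep/2009:09:49:31.116289 +0700] node1 014864 up 00000001 Error System AddressManagerOwner found duplicate tunnel address 172.16.254.20, pool should ha
ve handled this. Consider checking for address overlaps between pools or duplicate client GUIDs.
[14/Sep/2009:09:49:31.116370 +0700] node1 014864 up 00000001 Error System ReleaseAddress Can't find address 172.16.254.20 in any pool
""".splitlines()

if __name__ == "__main__":
    print(scan(SAMPLE))
```

An address that shows both `duplicate_tunnel_address` and `release_failed` matches the reconnect pattern described above, where the previous session's address was never released.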
The fix for this issue is included in "pform-hotfix-10_0_2-004"
Tracking ID: 81346