Solved

Cisco FW VPN 5510 - SSL question

Posted on 2009-04-10
8
2,556 Views
Last Modified: 2012-05-06
Hello, this would probably be my first post after x amount of years here. I have a question. There seems to be something preventing our ssl portal from letting users log in. I have attached a screen capture of what happens when the correct credentials are inserted.

The problem is outside our network and has occured twice. The only known remedies that have come close to my issue is to reset/restart our ASA. The last time this happened I didn't get around to it and was self-remedied.

I've already tried logging into the ASDM console to see if there is a setting for updating the session management database but I don't see anything up front.

Im not to experienced in troubleshooting the cisco 5510 firewall. So i figured I'd drop a line here to see what many of you thought. The application is in a live environment. Any realistic suggestions and steps will be taking into consideration.

If there is anything else you need from me to assist in this please let me know.

Thank you in advanced.

"Unable to update the session management database"
heryougo.JPG
0
Comment
Question by:zenki_fc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 24116635
At the time of the error were there the MAX number of users connected?
I.e. a reboot of the device kicks all the existing sessions.

I.e. how many simultaneous VPN connection does your ASA support/licensed for?
0
 
LVL 1

Author Comment

by:zenki_fc
ID: 24116733
If I am no mistaken it can take up to 50 users at once. I highly doubt that all 50+ users were on at one point in time. But that's a good question. I will go ahead and reset/kick any users logged in and try again.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 24116864
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 1

Author Comment

by:zenki_fc
ID: 24130400
Hmm... we have 50 licenses so I don't think that exceeding the amount of users is the problem in this case. The issue was self resolved again the following morning (Saturday). Is there some sort of temporary/cache files that have to be cleared?

Any other ideas?
0
 
LVL 78

Expert Comment

by:arnold
ID: 24131127
Are there any errors/notives logged dealing with why access was being denied?
What are you timeouts set to?  I.e. how long is a session state maintained?
How many individuals can establish a VPN connection?  trying to see whether the 50 was met not with 50 simulteneous access but enough that logged in. and logged out within the timeout period. I.e. similar to an ARP cache that will take some time prior to the ASA clearing a session ID.
how do you control access to the SSL VPN?  Is it based on local auth or you have external Radius auth?
0
 
LVL 1

Author Comment

by:zenki_fc
ID: 24149697
Hey Arnold, thanks for your input. Since it's up and running right now I won't be able to dedicate as much time to it due to other deadlines and projects that are currently in motion. I will have to work with this later this weekend and keep you posted on any findings.

Thanks for being in touch and quick on responses. Have a great day.
0
 
LVL 1

Author Comment

by:zenki_fc
ID: 24818561
I can't seem to find another possible culprit to this. The only item that came close to this was the limited amout of users that can be connected.

Wanted to thank you all and I apologize for the delay. It was mostly on my part trying to troubleshoot it, but it hasnt come back and no one has reported this error since.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Relic: Our company recently started researching several products to figure out what were the best ways for us to increase our web page speed and to quickly identify performance problems that we may be having. One of the products we evaluated wa…
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question