There is one aix server, IP is 152.240.28.14, the user IP is 152.240.88.64, The user is able to get access briefly then all access is denied from the whole subnet 152.240.88.0. a short while later access is granted and the same thing happens all over again.
The customer is able to ping the gateway of the servers no problem while the access to the servers is denied.
what do you exactly mean with get access briefly. This looks like AIX is detecting intrusion and is preventing all access from the corresponding subnet
Is this only happening to one particular user or for all users logging in to this particular host?
This sounds to me like some weird timeout setting on the router/switch or -as said before - some misguided intrusion detection or user profile setting. I would understand the behaviour if your user could not login at all but this way ... hmmm. Is your user kicked out after some inactivity or while he is actively working on the host ?
When you mentioned access is denied for a shortwhile, did you ask to see if the user can login through a different subnet and verified they were able to login?
Did they type in the password incorrectly, or use some form of LDAP authentication?
Do you have ipfilters installed for AIX, that might activate when it senses too many connections?
What type of access denied problems to they get, for instance:
1) Do they attempt to connect through ssh and then it just times out and then just exists out.
2) Or if they perform a ssh connection, do they get a password prompt and then they cant login even when they type it in correctly?
Your responses are a bit vague and i wish you can clarify.
BTW you didnt really answer my question earlier.
When the user encounters this problem, do you have that same user log in though a different IP address?