ASA - DHCP options not passed when dhcprelay enabled

fembsen · ‎09-20-2007

Hi all,

I have an ASA5510 which serves as an DHCP relay for L2TP/IPSec VPN Clients. The VPN clients connect to a CVPN3005 concentrator on one off the dmz segments on the ASA. The concentrator then does a DHCP request for the client to an DHCP server on the inside network.

The problem is: I get an IP address but none of the DHCP options (classless routes, DNS servers, domainname).

I had the same configuration with running with a PIX515 and all worked well.

Can anyone tell me what the problem is?

Regards, Frank

amritpatek · ‎09-26-2007

Check if you have configured the commands properly and have enabled the command "vpn-addr-assign dhcp" in ASA, which is disabled by default. Following link may help you regarding DHCP addressing for Clients

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/vpnadd.html

fembsen · ‎09-27-2007

Thanx for the reply!

However in our config the ASA only acts as a DHCP relay. It passes DHCP requests from the CVPN3005 on a DMZ interface to a DHCP server on the inside network.

The vpn-addr-assign command is, as far as I know, only used when client VPN's are terminated on the ASA itself which is not the case here. Remember: I get an DHCP address but not the, in the scope specified, DHCP options.

Could it be that I have to set 'dhcpd auto_config'? Is this a global DHCP option which is used by 'dhcpd' as well as 'dhcprelay'?

regards, Frank