ASA VPN DHCP parameters

Unanswered Question
Jan 10th, 2008

I'm doing a VPN with a configuration like this one:

dhcp-network-scope 192.168.11.0
tunnel-group VPN_IL general-attributes
   dhcp-server 192.168.10.38

Problem is that I do get my IP address from the corporate DHCP server (even if I have to cross the entire WAN), but all the other information is not passed to the PC, i.e. DNS values, WINS values, domain; none of that info seems to be passed. According to a capture, those are pushed by the DHCP server, but somehow the ASA is not relaying that to the PC.

I did change the inherit value in ASDM and this seems to work at least for the domain and DNS values.


Can someone explain the process from the PC requesting an IP address and the ASA doing the actual request to the main DHCP server? Is there a particular option that needs to be set on the DHCP since the PC is not directly issuing the request?

And what is the difference between that process and the DHCP and DHCP relay feature in the ASA?

gfullage (Cisco Employee) Thu, 01/10/2008 - 17:35

This is expected behaviour. The ASA will only use a DHCP server for assigning an IP address to the client, and will therefore ignore all other information sent from the DHCP server. If you want to assign DNS/WINS/etc parameters to the VPN client then you do this via commands under the specific group-policy:


group-policy examplepolicy internal
group-policy examplepolicy attributes
   dns-server value 1.1.1.1 3.3.3.3
   wins-server value 2.2.2.2 4.4.4.4
   default-domain value cisco.com


See http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp.html#wp1166190 for all the parameters you can define.
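
A configuration check built on the answer above, as an added example that is not part of the thread or of any Cisco tooling: it parses a saved ASA configuration and reports, for each tunnel-group that uses dhcp-server, which of dns-server, wins-server and default-domain are not set with `value` in its group-policy or in DfltGrpPolicy. The sample configuration and the policy name GP_IL are constructed, and the script assumes the usual indented running-config layout.

```python
import re

# Constructed sample, not the poster's device config; GP_IL is a made-up name.
SAMPLE_CONFIG = """\
group-policy GP_IL internal
group-policy GP_IL attributes
 dhcp-network-scope 192.168.11.0
 dns-server value 1.1.1.1 3.3.3.3
tunnel-group VPN_IL general-attributes
 default-group-policy GP_IL
 dhcp-server 192.168.10.38
"""
SETTINGS = ("dns-server", "wins-server", "default-domain")

def parse_sections(config):
    """Map each top-level line to the indented sub-commands under it."""
    sections, current = {}, None
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        if not line[0].isspace():
            current = line.strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def effective(setting, *attr_lists):
    """First explicit line for a setting; the group's own policy is searched first."""
    cmds = (c for attrs in attr_lists for c in attrs if c.startswith(setting + " "))
    return next(cmds, "")

def audit_dhcp_tunnel_groups(config):
    """Return {tunnel-group: [settings the VPN client will not receive]}."""
    sections = parse_sections(config)
    inherited = sections.get("group-policy DfltGrpPolicy attributes", [])
    findings = {}
    for header, body in sections.items():
        m = re.fullmatch(r"tunnel-group (\S+) general-attributes", header)
        if not m or not any(c.startswith("dhcp-server ") for c in body):
            continue  # only groups that take addresses from a DHCP server
        policy = next((c.split()[1] for c in body
                       if c.startswith("default-group-policy ")), "DfltGrpPolicy")
        own = sections.get(f"group-policy {policy} attributes", [])
        # "dns-server none" in the group's own policy blocks inheritance,
        # so only an effective "<setting> value ..." line counts as configured.
        missing = [s for s in SETTINGS
                   if not effective(s, own, inherited).startswith(s + " value ")]
        if missing:
            findings[m.group(1)] = missing
    return findings
```

Calling `audit_dhcp_tunnel_groups(SAMPLE_CONFIG)` flags VPN_IL for wins-server and default-domain, which is the symptom described in the question.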
