VPN Concentrator & DHCP Server

Unanswered Question
Jan 13th, 2008

Dear all,

My VPN concentrator is not able to give an IP to the remote access VPN client. The concentrator is acting as a DHCP relay agent. The concentrator private interface is connected to a PIX firewall DMZ, which is also acting as DHCP relay for some other networks in its DMZ.

The concentrator is able to ping DHCP and all the connectivity is okay.

I am getting the following errors while the client tries to connect to the concentrator.

1033 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/29 RPT=5452

DHCP poll timeouts routine entered

1034 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/30 RPT=5452

DHCP poll stats: callbacks 0, active CBs 0, total CBs 1

1035 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/15 RPT=44

DHCP task: Timeout type 0, msg 0x7049db8

1036 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/36 RPT=30

DHCP no response to DISCOVER sent to 172.28.32.13 (xid 3684789027)

1037 01/13/2008 16:48:34.670 SEV=7 DHCPDBG/40 RPT=30

DHCP attempt to get next server failed (xid 3684789027)

1038 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/28 RPT=194

DHCP restart servers routine entered

1039 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/38 RPT=45

DHCP obtained first server 172.28.32.13 port 67 (xid 3684789027)

1040 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/46 RPT=45

DHCP sending DISCOVER to server 172.28.32.13 port 67 (xid 3684789027)

Kindly help me out. I can't disable DHCP relay on the PIX because other subnets will suffer.

My DHCP server is working fine and assigning IPs to the rest of my network.

Please help me out.

DHCP server address is 172.28.33.13

PIX DMZ IP 172.28.95.2

Concentrator 172.28.95.95

static (inside,edn) 172.28.32.13 172.28.32.13 netmask 255.255.255.255

access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.32.0 255.255.255.0

access-list nonat extended permit ip 172.28.92.0 255.255.255.0 172.28.37.0 255.255.255.0

access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.37.0 255.255.255.0

access-list nonat extended permit ip 172.28.64.0 255.255.255.0 172.28.37.0 255.255.255.0

nat (inside) 0 access-list nonat

A DHCP filter is applied on the concentrator public interface. DHCP relay is enabled.

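For reading a debug excerpt like the one in the post above, here is an added example (not part of the thread and not Cisco code) that pairs each log header with its message line and counts DISCOVERs sent and timed out per server and xid. The function names and the `expected_server` parameter are assumptions made for illustration; the sample lines are copied from the excerpt above.

```python
import re
from collections import Counter

# Lines copied from the log excerpt in the post above (header line, then message line).
SAMPLE_LOG = """\
1036 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/36 RPT=30
DHCP no response to DISCOVER sent to 172.28.32.13 (xid 3684789027)
1037 01/13/2008 16:48:34.670 SEV=7 DHCPDBG/40 RPT=30
DHCP attempt to get next server failed (xid 3684789027)
1040 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/46 RPT=45
DHCP sending DISCOVER to server 172.28.32.13 port 67 (xid 3684789027)
"""

HEADER = re.compile(r"^(\d+) (\S+) (\S+) SEV=(\d+) (\w+)/(\d+) RPT=(\d+)$")
SENT = re.compile(r"sending DISCOVER to server (\S+) port (\d+) \(xid (\d+)\)")
TIMEOUT = re.compile(r"no response to DISCOVER sent to (\S+) \(xid (\d+)\)")

def parse_entries(text):
    """Pair each header line with the message line that follows it."""
    entries, header = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue  # tolerate the blank lines a copy/paste inserts
        m = HEADER.match(line)
        if m:
            header = m
        elif header:
            seq, date, time, sev, cls, event, rpt = header.groups()
            entries.append({"seq": int(seq), "time": f"{date} {time}", "sev": int(sev),
                            "event": f"{cls}/{event}", "rpt": int(rpt), "msg": line})
            header = None
    return entries

def discover_summary(entries):
    """Count DISCOVERs sent and timeouts per (server, xid)."""
    sent, timeouts = Counter(), Counter()
    for e in entries:
        if (m := SENT.search(e["msg"])):
            sent[(m.group(1), m.group(3))] += 1
        elif (m := TIMEOUT.search(e["msg"])):
            timeouts[(m.group(1), m.group(2))] += 1
    return {k: {"sent": sent[k], "timeouts": timeouts[k]} for k in sent.keys() | timeouts.keys()}

def unexpected_targets(summary, expected_server):
    """Relay targets in the log that differ from the address the operator expects."""
    return sorted({srv for srv, _ in summary if srv != expected_server})

if __name__ == "__main__":
    print(discover_summary(parse_entries(SAMPLE_LOG)))
```

Pass the DHCP server address you intended to configure as `expected_server`; any address returned is a relay target seen in the log that differs from it.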
irisrios Fri, 01/18/2008 - 13:16

Make sure that the DHCP server is mentioned in the concentrator. Check that all of the following steps are accomplished:

Under Configuration | System | Servers | DHCP, make sure that the server is set; under Configuration | System | IP Routing | DHCP, that DHCP is enabled; and under Configuration | System | Address Management | Assignment, that Use DHCP is checked.

wasiimcisco Sat, 01/19/2008 - 02:17

Hi,

Thanks for the reply. Everything is configured. This is a bug in 7.2(3)8. Sometimes it works and sometimes it does not. I have contacted Cisco TAC and they told me about this. They are working on it.
