cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
326
Views
0
Helpful
2
Replies

VPN Concentrator & DHCP Server

wasiimcisco
Level 1
Level 1

Dear all

my vpn concentrator is not able to give ip to remote access vpn client. concentrator is acting

as dhcp rely agent. Concentrator priviate interface is connected with a pix firewall dmz who is

also acting as dhcp rely for some other networks in its dmz.

concentrator is able to ping dhcp and all the connectivity is okay.

i m getting following errors while client tries to connect with concentrator.\

1033 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/29 RPT=5452

DHCP poll timeouts routine entered

1034 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/30 RPT=5452

DHCP poll stats: callbacks 0, active CBs 0, total CBs 1

1035 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/15 RPT=44

DHCP task: Timeout type 0, msg 0x7049db8

1036 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/36 RPT=30

DHCP no response to DISCOVER sent to 172.28.32.13 (xid 3684789027)

1037 01/13/2008 16:48:34.670 SEV=7 DHCPDBG/40 RPT=30

DHCP attempt to get next server failed (xid 3684789027)

1038 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/28 RPT=194

DHCP restart servers routine entered

1039 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/38 RPT=45

DHCP obtained first server 172.28.32.13 port 67 (xid 3684789027)

1040 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/46 RPT=45

DHCP sending DISCOVER to server 172.28.32.13 port 67 (xid 3684789027)

kindly help me out. I cant disable dhcp rely on pix bcz other subnet will suffer.

my dhcp server is working fine and assigning ip to rest of all my network.

please help me out.

dhcp server address is 172.28.33.13

pix dmz ip 172.28.95.2

concentrator 172.28.95.95

static (inside,edn) 172.28.32.13 172.28.32.13 netmask 255.255.255.255

access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.32.0 255.255.255.0

access-list nonat extended permit ip 172.28.92.0 255.255.255.0 172.28.37.0 255.255.255.0

access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.37.0 255.255.255.0

access-list nonat extended permit ip 172.28.64.0 255.255.255.0 172.28.37.0 255.255.255.0

nat (inside) 0 access-list nonat

dhcp filter is applied on concentrator public interface. DHCP rely is enable.

2 Replies 2

irisrios
Level 6
Level 6

Make sure that the DHCP server is mentioned in the concentrator. Check if all of the following steps are accomplished

Under Configuration | System | Servers | DHCP make sure that the server is set , Under: Configuration | System | IP Routing | DHCPthat DHCP is enabled and under: Configuration | System | Address Management | Assignment Use DHCP is checked.

hi,

thanks for the reply. Everything is configured. This is a bug in 7.2(3)8. It few times works or few times not. I have contact with cisco tac and they told me about this. they are working on it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: