01-15-2009 06:39 PM
I am having a problem with my 2821. I am trying to have my connecting client on VPN use a DHCP scope on a Windows 2003 server. If I have the client connect with a fixed IP everything works fine. However when you ask to use a DHCP address the client times out getting an address.
The DHCP server serves up addresses to the rest of the network fine, just not to VPN clients. The clients are using the native Windows client.
Here is the config on the router:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXX
!
boot-start-marker
boot system flash c2800nm-adventerprisek9_sna-mz.124-23.bin
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default if-authenticated
!
aaa session-id common
clock timezone MDT -7
clock summer-time MDT date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
ip cef
!
!
ip name-server 10.4.0.10
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip address-pool dhcp-proxy-client
ip dhcp-server 10.4.0.10
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
voice-card 0
no dspfarm
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
interface Loopback0
ip address 172.16.48.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.4.0.4 255.255.0.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $ETH-WAN$
ip address xx.xx.xx.xx 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
ip helper-address 10.4.0.10
ip nat inside
ip virtual-reassembly
peer default ip address dhcp
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 216.129.91.17
ip route 10.0.0.0 255.255.0.0 10.4.0.1
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 110 interface GigabitEthernet0/1 overload
!
access-list 110 permit ip 10.0.0.0 0.255.255.255 any
access-list 110 permit tcp any any
access-list 110 permit ip any any
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
01-22-2009 04:46 AM
Check to see if the Windows server ever sees the DHCP request with an Ethereal or similar network snoop. If it does get the request, does it reply?
That should narrow down where the problem is.
01-22-2009 12:55 PM
Here is the information in the DHCP log from the server.
10,01/22/09,13:51:17,Assign,10.4.20.29,EXTREMENET.extreme.eng,72737465656765,
12,01/22/09,13:51:23,Release,10.4.20.29,EXTREMENET.extreme.eng,72737465656765,
As you can see it does get an IP but does not send it to the host. Also every client shows up as the router's name instead of the computer's name. The MAC address seems to be wrong too. I am at a bit of a loss on this one.
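An added example, not part of the thread: a small parser for the two audit-log lines quoted in the post above, assuming the Windows Server 2003 DHCP audit-log column order (ID, Date, Time, Description, IP Address, Host Name, MAC Address). It shows that the last column is not a 6-byte hardware address but a hex-encoded ASCII client identifier, and it pairs the Assign with its Release to measure how long the lease was held. The function names and the 30-second threshold are assumptions made for this example.

```python
import csv
from datetime import datetime

# The two audit-log lines quoted in the post (ID 10 = Assign, ID 12 = Release).
SAMPLE = """\
10,01/22/09,13:51:17,Assign,10.4.20.29,EXTREMENET.extreme.eng,72737465656765,
12,01/22/09,13:51:23,Release,10.4.20.29,EXTREMENET.extreme.eng,72737465656765,
"""
FIELDS = ("id", "date", "time", "desc", "ip", "host", "client_id")


def parse(text):
    """Turn audit-log lines into dicts with a parsed timestamp."""
    events = []
    for row in csv.reader(text.splitlines()):
        if len(row) < len(FIELDS) or not row[0].isdigit():
            continue  # header or malformed line
        ev = dict(zip(FIELDS, (c.strip() for c in row)))
        ev["when"] = datetime.strptime(ev["date"] + " " + ev["time"], "%m/%d/%y %H:%M:%S")
        events.append(ev)
    return events


def describe_client_id(hex_id):
    """Classify the 'MAC Address' column: 6-byte MAC or ASCII client identifier."""
    try:
        raw = bytes.fromhex(hex_id)
    except ValueError:
        return ("invalid", hex_id)
    if len(raw) == 6:
        return ("mac", ":".join(f"{b:02x}" for b in raw))
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return ("ascii-client-id", raw.decode("ascii"))
    return ("opaque", hex_id)


def short_leases(events, max_seconds=30):
    """Pair each Assign with a Release of the same IP and client within max_seconds."""
    open_leases, hits = {}, []
    for ev in events:
        key = (ev["ip"], ev["client_id"])
        if ev["id"] == "10":
            open_leases[key] = ev["when"]
        elif ev["id"] == "12" and key in open_leases:
            held = (ev["when"] - open_leases.pop(key)).total_seconds()
            if held <= max_seconds:
                hits.append((ev["ip"], describe_client_id(ev["client_id"]), held))
    return hits
```

Run over a full audit log, `short_leases(parse(text))` lists every address that was handed out and released again within seconds, together with the decoded identifier that requested it.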
02-02-2009 09:09 PM
After much searching I found one of the problems. DHCP was not working because it was requesting from the wrong interface.
In the configuration listed above this is shown:
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
It should have been:
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0
Changed this one item and DHCP is now working.
However all VPN hosts now show up in the DHCP tables as the router's hostname.
I have been trying to find the command to allow for the AAA local username to be used instead of the default, in which the router proxies its own name.
Anyone have any idea on this?