EZVPN and remote DHCP

Unanswered Question
Mar 11th, 2009

It seems that in order to enable dhcprelay on the ASA you have to point the relay out the outside interface. Can anyone say for sure if this traffic is still getting encrypted when using the ASA as an EZVPN NEM client?

I haven't had a chance to test it yet...does that configuration work?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Thu, 03/12/2009 - 20:33

I don't think this will work, typically ezvpn creates an SA from the outside of the client to the outside of the server, but in this case I am not sure it and since this is not affected by split tunnel or any config I doubt it will work. Reason you need to make sure that an SA is created from outside of the ASA to the DHCP server, not the EZVPN server. Your most feasible solution would be a normal dynamic to static and yet on this one you will find problems when the ip address changes.


This Discussion