I’m trying to configure DHCP for an IPSec VPN on an ASA5510 8.2(1), but just can’t get it to work.
On the same ASA5510, I have about 20 working IPSec peers, using either EasyVPN (with nem) or local pool addresses. The new tunnel -group I’m configuring is the first that must use DHCP because I’ll have to provide clients (IP Phones) with more information than just an address.
The server is used by other systems as well so I’m certain it’s working properly. In fact, ASA5510 uses it for radius which rules out any internal communication issues.
tunnel-group vpnphone general-attributes
group-policy vpnphone-policy attributes
<132>:Mar 11 10:26:54 CEST: %ASA-ipaa-4-737019: IPAA: Unable to get address from group-policy or tunnel-group local pools
<132>:Mar 11 10:26:54 CEST: %ASA-ipaa-4-737012: IPAA: Address assignment failed
<131>:Mar 11 10:26:54 CEST: %ASA-vpn-3-713132: Group = vpnphone, Username = secpeph000, IP = X.X.X.X, Cannot obtain an IP address for remote peer
There’s no log at all on the DHCP server because ASA5510 is not even trying to use it.
Can anyone point me in the right direction on this one?