DHCP Relay to Windows server

Unanswered Question
May 23rd, 2010

From my ISP, my connection goes to an ASA-5505 and then on to my UC540.  Behind the UC540 is a Windows server running DHCP.  I want VPN users that connect to the ASA-5505 to get IP addresses from the Windows server.

I had this working last week after a few hours of digging and for some reason, it isn't working now.  (I think I did a "copy start run" on the UC540)

The ASA is reporting "Cannot obtain an IP address for remote peer"

What do I need to do on each device to make this work for an IPSEC VPN?

Thanks in advance!


>> Related commands

group-policy RemoteAccess_Group attributes
tunnel-group RemoteAccess_Group general-attributes
authentication-server-group WindowsIAS
default-group-policy RemoteAccess_Group
no vpn-addr-assign aaa
no vpn-addr-assign local


>> Related commands

ip dhcp relay information trust-all

William Childs Mon, 05/24/2010 - 01:26


If you performed a copy start run then you copied your startup config OVER your running config. I hope you did not save anything after that. Try rebooting to semi-recover your UC540, and then run a ping test from the ASA to the DHCP server. If that does not work, then check that your ip routing is still good and that your firewall/NAT settings are removed from the UC.

If the ASA cannot get to the server (I suspect this to be true) then make sure you are not blocking traffic through the 540. I would be willing to bet that the copy start run is what hosed up your configuration. Use CCA to delete the NAT rules and firewall settings. Please report your findings.


Tim-Saunders Mon, 05/24/2010 - 07:08

Thanks Bill.

Thankfully, I didn't lose the entire config for the two devices.  I just lost the changes to the DHCP relay settings.

I have the UC540 set up with the firewall and NAT disabled.  The ASA has static routes for the IP ranges that are on the inside of the UC540.

Pings from the ASA were successful to the DHCP server.

