
ASA VPN DHCP parameters

mdlv
Level 1

I'm doing a VPN with a configuration like this one:

dhcp-network-scope 192.168.11.0

tunnel-group VPN_IL general-attributes

   dhcp-server 192.168.10.38

Problem is that I do get my IP address from the corporate DHCP server (even if I have to cross the entire WAN) but all the other information is not passed to the PC, i.e. DNS values, WINS values, domain; none of that info seems to be passed. According to a capture those are pushed by the DHCP server but somehow the ASA is not relaying that to the PC.

I did change the inherit value in ASDM and this seems to work at least for the domain and DNS values.

Can someone explain the process from the PC requesting an IP address and the ASA doing the actual request to the main DHCP server? Is there a particular option that needs to be set on the DHCP since the PC is not directly issuing the request?

And what is the difference between that process and the DHCP and DHCP relay feature in the ASA?

1 Reply

gfullage
Cisco Employee

This is expected behaviour. The ASA will only use a DHCP server for assigning an IP address to the client, and will therefore ignore all other information sent from the DHCP server. If you want to assign DNS/WINS/etc parameters to the VPN client then you do this via commands under the specific group-policy:

group-policy examplepolicy internal

group-policy examplepolicy attributes

   dns-server value 1.1.1.1 3.3.3.3

   wins-server value 2.2.2.2 4.4.4.4

   default-domain value cisco.com

See http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp.html#wp1166190 for all the parameters you can define.
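Added example, not part of the original thread or the reply above: the question's DHCP address assignment and the reply's group-policy attributes combined into one configuration. The names and addresses are the ones used in the thread; binding examplepolicy to the VPN_IL tunnel group and the global vpn-addr-assign line are assumptions about the rest of the setup.

```cisco
! Added example. Names and addresses are taken from the thread.
!
! Assumption: address assignment from DHCP is enabled globally.
vpn-addr-assign dhcp
!
group-policy examplepolicy internal
group-policy examplepolicy attributes
 ! Tells the DHCP server which scope to lease the client address from.
 dhcp-network-scope 192.168.11.0
 ! The ASA keeps only the leased address from the DHCP reply, so the
 ! remaining client parameters are defined here and pushed by the ASA.
 dns-server value 1.1.1.1 3.3.3.3
 wins-server value 2.2.2.2 4.4.4.4
 default-domain value cisco.com
!
tunnel-group VPN_IL general-attributes
 ! The ASA, not the PC, sends the DHCP request to this server.
 dhcp-server 192.168.10.38
 ! Assumption: this tunnel group uses examplepolicy as its group policy.
 default-group-policy examplepolicy
```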
