I'm doing a vpn with a configuration like this one:
tunnel-group VPN_IL general-attributes
Problem is that I do get my IP address from the corporate DHCP server (even if I have to cross the entire WAN) but all the other information are not pass to the PC. ie DNS values, WINS values, domain none of those info seems to be pass. According to a capture those are push by the DHCP server but somehow the ASA is not relaying that to the PC.
I did change the inherit value in ASDM and this seems to work at least for the domain and DNS values.
Can someone explain the process from the PC requesting and IP address and the ASA doing the actual request to main DHCP server. Is there particular option that need to be set on the DHCP since the PC is not directly issuing the request.
And what is the difference between that process and the DHCP and DHCP relay feature in the ASA.
This is expected behaviour. The ASA will only use a DHCP server for assigning an IP address to the client, and will therefore ignore all other information sent from the DHCP server. If you want to assign DNS/WINS/etc parameters to the VPN client then you do this via commands under the specific group-policy:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...