11-18-2002 02:31 PM - edited 03-09-2019 01:06 AM
I'm having trouble setting up a WIN2K DHCP server to hand out addresses to my VPN clients (client v.3.5.3, 3015 concentrator v3.6.3). The Private subnet of the Concentrators is on the same network as the DHCP server. The DHCP addresses only exist for the clients, so there isn't a physical network that uses the same subnets. This setup is currently working by using the local pools on the Concentrators, but when I try to point the Concentrators to the active DHCP scopes, it gives me an error saying that it cannot retrieve an address from DHCP. On the Concentrators, I've added the server IP into the DHCP server section as well as enabling "DHCP Parameters". I've set up superscopes on DHCP which combine 2 class C's to hand out to the "router" (which is the Concentrator's private interface IP), but I don't know why it's failing!!!
Please help!!!
11-18-2002 07:47 PM
Enable the class dhcp, set 1-9 under config|system|event|classes, then try a connection, then see the log viewer, and you might see more information about what is happening.
Regards,
11-18-2002 07:47 PM
I'll presume you've done this but have to ask. Have you checked the "Use DHCP" box under Address Management - Assignment?
The scopes you've set on the DHCP server, are they in the Private interface's subnet range, or are they something completely different (the latter I think going by your description)? I'm not 100% sure if the concentrator will accept addresses via DHCP that aren't in the private subnet range, or even how you set up DHCP to give out addresses that aren't in the source IP address's subnet range. What if you create a scope that gives out addresses in the subnet of the private interface of the concentrator, does that work? Do you see any errors on the DHCP server, maybe in the logs somewhere?
You could also go to Config - System - Events - Classes and add the DHCP, DHCPDBG and DHCPDECODE classes at Severity to Log of 1-13. Then go to Monitoring - Filterable Event Log, clear the log, try a connection, then do a Get Log and that'll give you a LOT more information about what's going wrong.
11-18-2002 08:21 PM
Thanks! I'll give that a try and post any results I find. I had been trying to figure out how to increase the logging.....I could only get it to "1-5"
Eric
11-19-2002 05:14 AM
I think the private address of the VPN concentrator needs to be part of the scope you've set up. I'm guessing that the VPN3000 sends the DHCP request as if it were using DHCP/BOOTP helpering, in which case the DHCP server will use the interface IP address of the relay (the VPN3000) to work out which scope to use. Otherwise, I can't see how the DHCP server can figure out the scope the address should be allocated from.
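The relay-style scope selection described in the post above can be modeled as follows. This is an added example, not code from any poster or from Cisco or Microsoft; it assumes standard RFC 2131 relay handling (the server matches the `giaddr` field against its scopes), and all addresses and scope ranges are constructed.

```python
import ipaddress
import struct

# Constructed sample values: client-only scopes and the concentrator's private subnet.
CLIENT_ONLY_SCOPES = [ipaddress.ip_network("10.10.1.0/24"),
                      ipaddress.ip_network("10.10.2.0/24")]
PRIVATE_SCOPE = ipaddress.ip_network("192.168.50.0/24")
CONCENTRATOR_PRIVATE_IP = "192.168.50.5"

def build_relayed_discover(giaddr, xid=0x1234ABCD):
    """Build the fixed 236-byte BOOTP header of a relayed request (no options)."""
    mac = bytes.fromhex("02005e000001")      # constructed client hardware address
    return struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,                          # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 0, 0,                           # xid, secs, flags
        bytes(4), bytes(4), bytes(4),        # ciaddr, yiaddr, siaddr (all zero)
        ipaddress.ip_address(giaddr).packed, # giaddr: address of the relaying interface
        mac.ljust(16, b"\0"), bytes(64), bytes(128))  # chaddr, sname, file

def parse_giaddr(packet):
    """Extract giaddr, which sits at byte offset 24 of the BOOTP header."""
    if len(packet) < 236:
        raise ValueError("truncated BOOTP header")
    return ipaddress.ip_address(packet[24:28])

def select_scope(packet, scopes):
    """Return the scope whose subnet contains giaddr, or None if nothing matches."""
    giaddr = parse_giaddr(packet)
    if giaddr == ipaddress.ip_address("0.0.0.0"):
        return None                          # not relayed; not modeled here
    for scope in scopes:
        if giaddr in scope:
            return scope
    return None                              # server has no subnet to allocate from

if __name__ == "__main__":
    pkt = build_relayed_discover(CONCENTRATOR_PRIVATE_IP)
    print("client-only scopes:", select_scope(pkt, CLIENT_ONLY_SCOPES))
    print("with private scope:", select_scope(pkt, CLIENT_ONLY_SCOPES + [PRIVATE_SCOPE]))
```

With only the client-only scopes defined, the lookup returns nothing, which matches the "cannot retrieve an address from DHCP" symptom reported at the top of the thread.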
11-21-2002 02:12 PM
In VPN 3000 versions 3.6.x and before, the DHCP scope had to be part of the VPN 3000's private interface subnet.
In the next major version of VPN 3000 (Rel 4.0, 1st quarter CY 2003 for general availability) we will have the ability to define the DHCP scope sent to the DHCP server.
It will be a Group attribute called DHCP Network Scope. All users connecting to this group will be assigned an IP from the particular scope.
Be sure to sign up for the Beta program ~ mid January 2003 to get an early look.
Nelson