I'm having trouble setting up a WIN2K DHCP server to hand out addresses to my VPN clients (client v.3.5.3, 3015 concentrator v3.6.3). The Private subnet of the Concentrators is on the same network as the DHCP server. The DHCP addresses only exist for the clients, so there isn't a physical network that uses the same subnets. This setup is currently working by using the local pools on the Concentrators, but when I try to point the Concentrators to the active DHCP scopes, it gives me an error saying that it cannot retrieve an address from DHCP. On the Concentrators, I've added the server IP into the DHCP server section as well as enabling "DHCP Parameters". I've setup superscopes on DHCP which combine 2 class C's to hand out to the "router" (which is the Concentrator's private interface IP), but I don't know why it's failing!!!
I'll presume you've done this but have to ask. Have you checked the "Use DHCP" box under Address Management - Assignment?
The scopes you've set on the DHCP server, are they in the Private interface's subnet range, or are they something completely different (the latter I think going by your description). I'm not 100% sure if the concentrator will accept addresses via DHCP that aren't in the private subnet range, or even how you set up DHCP to give out addresses that aren't in the source IP addresses subnet range. What if you create a scope that gives out addresses in the subnet of the private interface of the concentrator, does that work? Do you see any errors on the DHCP server, maybe in the logs somewhere.
You could also go to Config - System - Events - Classes and add the DHCP, DHCPDBG and DHCPDECODE classes at Severity to Log of 1-13. Then go to Monitoring - Filterable Event Log, clear the log, try a connection, then do a Get Log and that'll give you a LOT more information about what's going wrong.
I think the private address of the VPN concentrator needs to be part of the scope you've set up. I'm guessing that the VPN3000 sends the DHCP request as if it were using DHCP/BOOTP helpering, in which case the DHCP server will use the interface IP address of the relay (the VPN3000) to work out which scope to use. Otherwise, I can't see how the DHCP server can figure out the scope the address should be allocated from.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :