Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

EzVPN with 806 require DHCP ?

I want to use the EzVPN in Client Mode to connect to the VPN 3005 Concentrator.

In the documentation:

The local router uses the DHCP protocol to assign IP addresses to the PCs that are connected to the router's LAN interface. This requires creating a pool of IP addresses for the router's onboard DHCP server. The DHCP server then assigns an IP address from this pool to each PC when it connects to the router.

In a typical VPN connection, the PCs connected to the router's LAN interface are assigned an IP address in a private address space. The router then uses NAT/PAT to translate those IP addresses into a single IP address that is transmitted across the VPN tunnel connection.

Is it really necessary to use DHCP on the internal LAN interface, or ist possible to work with IP Helper to aasign the IP address from a server in the central office ?

New Member

Re: EzVPN with 806 require DHCP ?

I do not think You can use IP Helper to assgin the ip address from a server in the central office.

Because when you are using VPN, the remote site and the central site LAN ip address can not be overlapped. Specially in the network extension mode, otherwise, it will cause routing issues there.

In the Client Mode, PCs in the central site can not see individual PC in the remote site, because all the PCs in the remote site has been natted at first then go through the IPSEC VPN tunnel.

This is reason why the IP Helper will not work, because from the central site, DHCP server can only see one MAC address (the MAC address of the natted ip address, that is the outside interface mac address of the router).

New Member

Re: EzVPN with 806 require DHCP ?

OK, now we use the network extension mode.

In our Lab the 806 establish the tunnel and the clients on the inside Interface gets an IP address by dhcp.

If we connect the 806 to our DSL Modem, the connection is OK, but the clients doesn´t get their IP address from the DHCP Server. An extended ping from the router inside interface to the dhcp-server is working !

Do you have any tips for me ??