I want to use the EzVPN in Client Mode to connect to the VPN 3005 Concentrator.
In the documentation:
The local router uses the DHCP protocol to assign IP addresses to the PCs that are connected to the router's LAN interface. This requires creating a pool of IP addresses for the router's onboard DHCP server. The DHCP server then assigns an IP address from this pool to each PC when it connects to the router.
In a typical VPN connection, the PCs connected to the router's LAN interface are assigned an IP address in a private address space. The router then uses NAT/PAT to translate those IP addresses into a single IP address that is transmitted across the VPN tunnel connection.
Is it really necessary to use DHCP on the internal LAN interface, or ist possible to work with IP Helper to aasign the IP address from a server in the central office ?
I do not think You can use IP Helper to assgin the ip address from a server in the central office.
Because when you are using VPN, the remote site and the central site LAN ip address can not be overlapped. Specially in the network extension mode, otherwise, it will cause routing issues there.
In the Client Mode, PCs in the central site can not see individual PC in the remote site, because all the PCs in the remote site has been natted at first then go through the IPSEC VPN tunnel.
This is reason why the IP Helper will not work, because from the central site, DHCP server can only see one MAC address (the MAC address of the natted ip address, that is the outside interface mac address of the router).
In our Lab the 806 establish the tunnel and the clients on the inside Interface gets an IP address by dhcp.
If we connect the 806 to our DSL Modem, the connection is OK, but the clients doesn´t get their IP address from the DHCP Server. An extended ping from the router inside interface to the dhcp-server is working !
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...