Cisco Support Community
Community Member

PIX/ASA L2TP VPN DHCP OPTION 121/249

Hello,

I've got a PIX-515E running PIX OS v7.23.

L2TP/IPSEC VPN is configured and works perfectly well with local address pool.

Clients use Windows L2TP client generated using CMAK.


Due to our expanded LAN infrastructure and variety of local IP addressing, I need to inject Classless Static Routes into client machines, whilst their default route remains unchanged (effectively split tunneling).

I considered using DHCP Options 121/249, which seemed quite an easy task. Unfortunately, it appeared not that easy at all. I am having trouble making it work, please help!

I use Windows Server 2008 R2 as the DHCP server, with options 121 and 249 configured.

When I establish an L2TP VPN connection, the Cisco PIX does not include options 121/249 in the 'Parameter Request List' in its DHCP Discover packet. The server in turn does not send these options in the DHCP Offer packet because they were not requested. How do I make the PIX/ASA request these options?

Current configuration excerpt:

group-policy gp_l2tpipsec internal
group-policy gp_l2tpipsec attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
 intercept-dhcp enable
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group RADIUS
 accounting-server-group RADIUS
 dhcp-server 10.0.0.51

1 REPLY
Community Member

PIX/ASA L2TP VPN DHCP OPTION 121/249

I have the same problem. I want to set some static routes on the VPN client.

Have you any ideas how to configure this?
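
The first post turns on whether the DHCP Discover's Parameter Request List (option 55) names options 121/249. The following is an added example, not part of the thread and not Cisco or Microsoft code: it checks a captured options field for those requests and decodes an option 121/249 payload in the RFC 3442 encoding. The function names and sample bytes are constructed for illustration.

```python
import ipaddress

def parse_options(data: bytes) -> dict:
    """Walk a DHCP options field (bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # split options are concatenated
        i += 2 + length
    return opts

def route_options_requested(opts: dict) -> dict:
    """Report whether option 55 (Parameter Request List) asks for 121 and 249."""
    prl = opts.get(55, b"")
    return {code: code in prl for code in (121, 249)}

def decode_classless_routes(value: bytes) -> list:
    """Decode an option 121/249 payload (RFC 3442) into (prefix, gateway) pairs."""
    routes, i = [], 0
    while i < len(value):
        width = value[i]
        octets = (width + 7) // 8            # only significant prefix octets are sent
        end = i + 1 + octets + 4
        if width > 32 or end > len(value):
            raise ValueError("malformed classless static route entry")
        prefix = ipaddress.IPv4Address(value[i + 1:i + 1 + octets] + bytes(4 - octets))
        gateway = ipaddress.IPv4Address(value[end - 4:end])
        routes.append((f"{prefix}/{width}", str(gateway)))
        i = end
    return routes

# Constructed sample data (not taken from the poster's capture).
DISCOVER_OPTS = bytes([53, 1, 1, 55, 4, 1, 3, 6, 15, 255])   # PRL without 121/249
ROUTES_121 = bytes([24, 192, 168, 10, 10, 0, 0, 1, 8, 10, 10, 0, 0, 1])

if __name__ == "__main__":
    print(route_options_requested(parse_options(DISCOVER_OPTS)))
    print(decode_classless_routes(ROUTES_121))
```

Feed `parse_options` the options bytes exported from a capture taken on the DHCP server side to confirm what the relay actually requested.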
