Yes I have that already. My windows dhcp server has many subnets for my vlans and remote networks. I want my vpn clients to get an IP from a specific subnet scope that's not on the same subnet as the vpn concentrators internal interface. Can this be done? It just defaults to the same subnet as the internal interface.
I think the default behavior is to use the subnet of the private interface, but you can change that. Please see this description.
DHCP Network Scope - To use this feature, the VPN Concentrator must be using a DHCP server for address assignment. To configure a DHCP server, see the System | Servers | DHCP screen.
Enter the IP sub-network that the DHCP server should assign to users in this group, for example: 220.127.116.11. The DHCP Network Scope indicates to the DHCP server the range of IP addresses from which to assign addresses to users in this group.
Enter 0.0.0.0 for the default; by default, the DHCP server assigns addresses to the IP sub-network of the VPN Concentrator's private interface.
You might just verify that the VPN client userid is in the group whose DHCP scope is reconfigured. The documentation emphasizes that this change is associated with a group on the concentrator. Otherwise it will take the default.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...