DHCP relay for VPN SSL users (ASA)

ngorenko
Level 1

I have an ASA 5520 as the VPN termination point. In front of the ASA there is a firewall that translates the public IP to a private one and passes the SSL traffic to the ASA. I configured DHCP relay to get IPs for home users from a Windows DHCP server:

dhcprelay server 10.100.2.101 inside

dhcprelay enable vpn

dhcprelay setroute vpn

and it does not work. With a local pool it works fine. Should I do something else? When I switch on debug there is no activity.

1 Accepted Solution

Accepted Solutions

Yudong Wu
Level 7

Are you trying to assign an IP to the SSL VPN client by using a DHCP server?

If yes, you don't need the commands listed in your post.

Basically, you need to define the DHCP server in the tunnel-group and dhcp-network-scope in the group-policy.

Here is an example for an IPsec client. The setup should be similar.

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a0080a66bc6.shtml


3 Replies 3

Thank you for the advice.

Actually I had these commands in my configuration, but together with global DHCP relay it did not work. After I removed DHCP relay from the interface, I could get IP address assignment from the DHCP server for SSL VPN clients.

Now I have another problem: I could get only the IP address, but not any other options: DNS, default gateway, proxy settings, etc. The client PC shows that DHCP is not enabled on the client. Can I change these settings in the ASA configuration?

I don't think the VPN client will get the default gateway or DNS from the DHCP server.

After the tunnel is up, you can use "route print" on the client to check the routing. Some necessary routing for VPN traffic should be automatically added already.

You can add DNS info in the related group policy with the "dns-server" command.

I am not sure about proxy.
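
The configuration the replies above describe, written out as an added example that is not part of the original thread or taken from anyone's actual device. The DHCP server address and the interface names `inside` and `vpn` come from the first post; the tunnel-group name `SSL-USERS`, the group-policy name `SSL-USERS-GP`, the scope `10.100.50.0` and the DNS address `10.100.2.10` are hypothetical placeholders.

```cisco
! Remove the interface-level DHCP relay from the first post.
! Per the thread, DHCP assignment for VPN clients only worked once it was gone.
no dhcprelay enable vpn
no dhcprelay setroute vpn
no dhcprelay server 10.100.2.101 inside

! Allow the ASA to request VPN client addresses from a DHCP server.
vpn-addr-assign dhcp

! Group policy: the scope tells the DHCP server which of its scopes to
! allocate from. It is the network number of that scope, not a host address.
! 10.100.50.0 is a constructed value; use the scope defined on the Windows server.
group-policy SSL-USERS-GP internal
group-policy SSL-USERS-GP attributes
 dhcp-network-scope 10.100.50.0
 ! DNS is pushed from the group policy, not taken from the DHCP lease.
 ! 10.100.2.10 is a constructed value.
 dns-server value 10.100.2.10

! Tunnel group: point it at the DHCP server and bind the group policy.
tunnel-group SSL-USERS type remote-access
tunnel-group SSL-USERS general-attributes
 default-group-policy SSL-USERS-GP
 dhcp-server 10.100.2.101

! Review what was applied.
show running-config tunnel-group SSL-USERS
show running-config group-policy SSL-USERS-GP
```

With this layout the ASA requests the lease on the client's behalf, which is consistent with the client adapter reporting that DHCP is not enabled.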
