I have a doubt.
One of my customer is asking me to configure ipsec remote access vpn with cisco asa 8.0 ios and cisoc 877 router.
The requirement is that the client should get the ip address through HO's DHCP server.
I doubt whether this is possible or not.
Any ideas greatly appreciated.
This is easy to implement, see the below config example
I can understand needing to have a DHCP address assigned from the HO DHCP server, and it follows the ASA will be there.
Question - how will a remote site router, have connectivity to the HO to then be able to assign an IP address???
the customer wants to know both the things...
Through asa we can provide the ip address through the dhcp server using the link which you gave.
but the customer also wants to know that whether the same this is possible on a router also instead of cisco asa at HO.
cisco 877 ---> ipsec vpn----> cisco 2800 ----> dhcp server.
If a client is on the LAN of the 877 and requires an IP address from the HO - then should work into the IPSEC VPN.
If you are asking if the 877 is configured for VPN client access, and you want to have an IP address assigned to the VPN client,
connected to the 877 from the HO over an IPSEC VPN, then I cannot see why you would want this.
No, I need the ip for the users behind cisco 877 through the HO DHCP server using 2800 router as vpn server.
is it possible?
Yes this is possible - just use the "ip helper-address x.x.x.x" command on the interface connected to the 877 LAN.
x.x.x.x is the IP address of the DHCP server.
are you sure about this?
Will it work. i have opened a tac also for this..let me see what they reply.
As long as there is IP network connectivity between the 877 and the HO DHCP server it should work.
What the IP helper-address bascially does, is forward a UDP broadcasts. So when the DHCP server recevies the DHCP request,
from the router it will reply with an IP offer but send it directly to the routers LAN IP adddress. Since this is a unicast traffic flow so it should work.
we are not getting ip address even if we try to give "ip helper-address" of the dhcp server behind the HO ezvpn router
You place the IP helper-address command on the nearest interface from the usrs requesting a DHCP IP. So this needs
to be configured on the remote router. In the case of the remove VPN users, you need to define the DHCP server IP address in the ASA.