How to assign addresses using dhcp to vpn-clients?
I’m trying to configure DHCP for an IPSec VPN on an ASA5510 8.2(1), but just can’t get it to work.
On the same ASA5510, I have about 20 working IPSec peers, using either EasyVPN (with nem) or local pool addresses. The new tunnel -group I’m configuring is the first that must use DHCP because I’ll have to provide clients (IP Phones) with more information than just an address.
The server is used by other systems as well so I’m certain it’s working properly. In fact, ASA5510 uses it for radius which rules out any internal communication issues.
tunnel-group vpnphone general-attributes
group-policy vpnphone-policy attributes
<132>:Mar 11 10:26:54 CEST: %ASA-ipaa-4-737019: IPAA: Unable to get address from group-policy or tunnel-group local pools
Re: How to assign addresses using dhcp to vpn-clients?
It’s an internal group.
Anyway, it seems like the problem solved itself a few minutes ago. There was an old unused dhcp-server in the configuration that used to be dhcp-relay target. When I removed the server definition, dhcp immediately began to work. This is obviously a bug.
Nevertheless, thank you for taking time looking into my problem.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...