Use internal DHCP server to supply IP address (and other stuff)
Cisco ASA 5520, ASDM 6.2
I have a remote access IPSEC tunnel group set up and am able to get connected from the Cisco client OK.
I would however like to use our internal DHCP server to supply config info to the client (IP, WINS, DNS etc).
I am a little foggy on how to do this though. I've read several Cisco docs, firstly setting up the ASA as a DHCP server on an interface... NOT what I want. Then I looked at DHCP relay...
Is DHCP relay the correct way to set this up? And if so, what interface do I set it up on? (inside, outside, both?)
In ASDM I see that I can set the address for a DHCP server in the tunnel group config, but that seems to have no effect. If I don't specify an address pool, the VPN fails with an error that no IP address could be assigned.
Re: Use internal DHCP server to supply IP address (and other stu
So I read more into the vpn-addr-assign command and here is what I think: yes, it is a global config command, and using vpn-addr-assign dhcp means that the DHCP server that you assign under the tunnel group. I found this here:
Will point that tunnel group to whatever dhcp you want. So if you want some clients to use the DHCP of the ASA then set the DHCP to the inside interface of the router or at least I think that should work, never tried this myself. So even though you can't change that setting per tunnel group I don't think you need to.
As for the ASDM I could not find the specific place that it changes this, but I think the DHCP scope might change it in some way, but I am not sure.
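The CLI form of the settings discussed in this thread, as an added example that is not part of either post: the global `vpn-addr-assign dhcp` method, a DHCP server set on the tunnel group, and a DHCP scope set on the group policy. The group names `RA-VPN` and `RA-VPN-POLICY` and both addresses are placeholders (assumptions), not values from the thread.

```cisco
! Added example. RA-VPN, RA-VPN-POLICY and both addresses are placeholders.
!
! Global: allow DHCP as an address-assignment method for VPN clients.
vpn-addr-assign dhcp
!
! Group policy: the network number that tells the DHCP server which scope
! to lease from (placeholder network).
group-policy RA-VPN-POLICY internal
group-policy RA-VPN-POLICY attributes
 dhcp-network-scope 198.51.100.0
!
! Tunnel group: the internal DHCP server the ASA requests addresses from
! on behalf of connecting clients (placeholder server address).
tunnel-group RA-VPN general-attributes
 default-group-policy RA-VPN-POLICY
 dhcp-server 192.0.2.10
```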