Solved

CISCO ASA5512-K9 EXTERNAL DHCP CONFIGURATION FOR VPN CLIENTS

Posted on 2014-01-07
4
1,366 Views
Last Modified: 2014-01-08
Hello,
Im trying to configure my cisco asa5512 to point to a dhcp server for my vpn clients.
If i configure a local pool in the asa, its able to assign ip addresses to my vpn clients with noissues. However when i configure the asa to point to the core which has the dhcp pool, its not assigning the ip addresses to my vpn clients. Is this a bug? If not can you provide me with the conf for that setup? Many thanks.
0
Comment
Question by:Ahricomambo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 16

Expert Comment

by:max_the_king
ID: 39764614
0
 

Author Comment

by:Ahricomambo
ID: 39764799
Hello Max, thanks for the info but that's not what im looking for. It might be that I didn't explain the scenario clearly.

Please refer below for a clearer breakdown of the issue.

My network Devices: 1x ASA 5512-K9 SSL VPN Firewall, Cisco 3560 48pt poe switch.
Device function:
1. for 3560 48pt poe switch, this is our core switch. and currently acts as the dhcp server.
2. ASA 5512-K9 is for vpn connection using SSL VPN.
Expected behavior:
1. once vpn client logs in to the network using cisco anyconnect, it goes to the vpn firewall and vpn firewall will authenticate the usename and password.

Once authenticated, VPN firewall will request for an ip address from the core switch (as mentioned acts as a dhcp server). Once core switch allocates an ip address, this will sent back to the VPN firewall, associating the ip address with the username.

Once done, vpn server will pass the authenticated username and password and ip address back to the clients pc.

Actual Behavior:
1.  (follow step1 of the expected behavior section)
2. Once authenticated, the ip address for this vpn client will be given by the local pool configured inside the VPN firewall then the ip address and the authenticated uname and password are then sent back to the vpn client.

Summary and user request:
1. DHCP ip address for SSL VPN clients should be allocated and assigned in the core switch and not via the VPN firewall's local pool.

Is this possible?
0
 
LVL 16

Accepted Solution

by:
max_the_king earned 500 total points
ID: 39764815
Hi,
yes it should, here is an example:

 A summary of the configuration that these examples create follows:

hostname(config)# vpn-addr-assign dhcp
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# dhcp-server 172.33.44.19
hostname(config-general)# exit
hostname(config)# group-policy remotegroup internal
hostname(config)# group-policy remotegroup attributes
hostname(config-group-policy)# dhcp-network-scope 192.86.0.0

you can find full explanation on:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnadd.html

hope this helps
max
0
 

Author Closing Comment

by:Ahricomambo
ID: 39765068
Thanks max! Really helps! Just need to read more for these basic settings.
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question