CISCO ASA5512-K9 EXTERNAL DHCP CONFIGURATION FOR VPN CLIENTS

Hello,
Im trying to configure my cisco asa5512 to point to a dhcp server for my vpn clients.
If i configure a local pool in the asa, its able to assign ip addresses to my vpn clients with noissues. However when i configure the asa to point to the core which has the dhcp pool, its not assigning the ip addresses to my vpn clients. Is this a bug? If not can you provide me with the conf for that setup? Many thanks.
LVL 1
Ricardo Jose Jr. PalmaNetwork and Security ConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

max_the_kingCommented:
Ricardo Jose Jr. PalmaNetwork and Security ConsultantAuthor Commented:
Hello Max, thanks for the info but that's not what im looking for. It might be that I didn't explain the scenario clearly.

Please refer below for a clearer breakdown of the issue.

My network Devices: 1x ASA 5512-K9 SSL VPN Firewall, Cisco 3560 48pt poe switch.
Device function:
1. for 3560 48pt poe switch, this is our core switch. and currently acts as the dhcp server.
2. ASA 5512-K9 is for vpn connection using SSL VPN.
Expected behavior:
1. once vpn client logs in to the network using cisco anyconnect, it goes to the vpn firewall and vpn firewall will authenticate the usename and password.

Once authenticated, VPN firewall will request for an ip address from the core switch (as mentioned acts as a dhcp server). Once core switch allocates an ip address, this will sent back to the VPN firewall, associating the ip address with the username.

Once done, vpn server will pass the authenticated username and password and ip address back to the clients pc.

Actual Behavior:
1.  (follow step1 of the expected behavior section)
2. Once authenticated, the ip address for this vpn client will be given by the local pool configured inside the VPN firewall then the ip address and the authenticated uname and password are then sent back to the vpn client.

Summary and user request:
1. DHCP ip address for SSL VPN clients should be allocated and assigned in the core switch and not via the VPN firewall's local pool.

Is this possible?
max_the_kingCommented:
Hi,
yes it should, here is an example:

 A summary of the configuration that these examples create follows:

hostname(config)# vpn-addr-assign dhcp
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# dhcp-server 172.33.44.19
hostname(config-general)# exit
hostname(config)# group-policy remotegroup internal
hostname(config)# group-policy remotegroup attributes
hostname(config-group-policy)# dhcp-network-scope 192.86.0.0

you can find full explanation on:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnadd.html

hope this helps
max

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ricardo Jose Jr. PalmaNetwork and Security ConsultantAuthor Commented:
Thanks max! Really helps! Just need to read more for these basic settings.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.