Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

CISCO ASA5512-K9 EXTERNAL DHCP CONFIGURATION FOR VPN CLIENTS

Posted on 2014-01-07
4
Medium Priority
?
1,425 Views
Last Modified: 2014-01-08
Hello,
Im trying to configure my cisco asa5512 to point to a dhcp server for my vpn clients.
If i configure a local pool in the asa, its able to assign ip addresses to my vpn clients with noissues. However when i configure the asa to point to the core which has the dhcp pool, its not assigning the ip addresses to my vpn clients. Is this a bug? If not can you provide me with the conf for that setup? Many thanks.
0
Comment
Question by:Ahricomambo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:max_the_king
ID: 39764614
0
 

Author Comment

by:Ahricomambo
ID: 39764799
Hello Max, thanks for the info but that's not what im looking for. It might be that I didn't explain the scenario clearly.

Please refer below for a clearer breakdown of the issue.

My network Devices: 1x ASA 5512-K9 SSL VPN Firewall, Cisco 3560 48pt poe switch.
Device function:
1. for 3560 48pt poe switch, this is our core switch. and currently acts as the dhcp server.
2. ASA 5512-K9 is for vpn connection using SSL VPN.
Expected behavior:
1. once vpn client logs in to the network using cisco anyconnect, it goes to the vpn firewall and vpn firewall will authenticate the usename and password.

Once authenticated, VPN firewall will request for an ip address from the core switch (as mentioned acts as a dhcp server). Once core switch allocates an ip address, this will sent back to the VPN firewall, associating the ip address with the username.

Once done, vpn server will pass the authenticated username and password and ip address back to the clients pc.

Actual Behavior:
1.  (follow step1 of the expected behavior section)
2. Once authenticated, the ip address for this vpn client will be given by the local pool configured inside the VPN firewall then the ip address and the authenticated uname and password are then sent back to the vpn client.

Summary and user request:
1. DHCP ip address for SSL VPN clients should be allocated and assigned in the core switch and not via the VPN firewall's local pool.

Is this possible?
0
 
LVL 17

Accepted Solution

by:
max_the_king earned 2000 total points
ID: 39764815
Hi,
yes it should, here is an example:

 A summary of the configuration that these examples create follows:

hostname(config)# vpn-addr-assign dhcp
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# dhcp-server 172.33.44.19
hostname(config-general)# exit
hostname(config)# group-policy remotegroup internal
hostname(config)# group-policy remotegroup attributes
hostname(config-group-policy)# dhcp-network-scope 192.86.0.0

you can find full explanation on:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnadd.html

hope this helps
max
0
 

Author Closing Comment

by:Ahricomambo
ID: 39765068
Thanks max! Really helps! Just need to read more for these basic settings.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question