Solved

CISCO ASA5512-K9 EXTERNAL DHCP CONFIGURATION FOR VPN CLIENTS

Posted on 2014-01-07
Last Modified: 2014-01-08
Hello,
I'm trying to configure my Cisco ASA5512 to point to a DHCP server for my VPN clients.
If I configure a local pool in the ASA, it's able to assign IP addresses to my VPN clients with no issues. However, when I configure the ASA to point to the core which has the DHCP pool, it's not assigning the IP addresses to my VPN clients. Is this a bug? If not, can you provide me with the conf for that setup? Many thanks.
Question by:Ahricomambo
LVL 15

Expert Comment

by:max_the_king
ID: 39764614

Author Comment

by:Ahricomambo
ID: 39764799
Hello Max, thanks for the info but that's not what I'm looking for. It might be that I didn't explain the scenario clearly.

Please refer below for a clearer breakdown of the issue.

My network devices: 1x ASA 5512-K9 SSL VPN firewall, Cisco 3560 48pt PoE switch.
Device function:
1. The 3560 48pt PoE switch is our core switch and currently acts as the DHCP server.
2. The ASA 5512-K9 is for VPN connections using SSL VPN.
Expected behavior:
1. Once the VPN client logs in to the network using Cisco AnyConnect, it goes to the VPN firewall and the VPN firewall will authenticate the username and password.

Once authenticated, the VPN firewall will request an IP address from the core switch (which, as mentioned, acts as a DHCP server). Once the core switch allocates an IP address, this will be sent back to the VPN firewall, associating the IP address with the username.

Once done, the VPN server will pass the authenticated username and password and IP address back to the client's PC.

Actual Behavior:
1. (Follow step 1 of the expected behavior section.)
2. Once authenticated, the IP address for this VPN client will be given by the local pool configured inside the VPN firewall, then the IP address and the authenticated username and password are sent back to the VPN client.

Summary and user request:
1. DHCP IP addresses for SSL VPN clients should be allocated and assigned in the core switch and not via the VPN firewall's local pool.

Is this possible?
LVL 15

Accepted Solution

by:
max_the_king earned 500 total points
ID: 39764815
Hi,
yes it should, here is an example:

 A summary of the configuration that these examples create follows:

hostname(config)# vpn-addr-assign dhcp
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# dhcp-server 172.33.44.19
hostname(config-general)# exit
hostname(config)# group-policy remotegroup internal
hostname(config)# group-policy remotegroup attributes
hostname(config-group-policy)# dhcp-network-scope 192.86.0.0

you can find full explanation on:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnadd.html

hope this helps
max
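
An offline check for the settings shown in the accepted answer, as an added example that is not part of the original thread or of Cisco's documentation. It parses a saved running-config and reports, per tunnel group, a missing `dhcp-server`, a missing `dhcp-network-scope` in the attached group policy, and a local `address-pool` that is still attached (the behavior the asker observed). The sample config is constructed; the `address-pool` and `default-group-policy` lines, the fallback to `DfltGrpPolicy`, and the finding names are assumptions of this example.

```python
import re

# Constructed running-config excerpt reusing the names and addresses from the
# answer above; the address-pool and default-group-policy lines are assumptions.
SAMPLE_CONFIG = """\
vpn-addr-assign dhcp
tunnel-group firstgroup type ipsec-ra
tunnel-group firstgroup general-attributes
 address-pool VPNPOOL
 dhcp-server 172.33.44.19
 default-group-policy remotegroup
group-policy remotegroup internal
group-policy remotegroup attributes
 dhcp-network-scope 192.86.0.0
"""

def parse_sections(config):
    """Map each top-level config line to its indented sub-commands."""
    sections, current = {}, None
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        elif not line[0].isspace():
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def audit_dhcp_assignment(config):
    """Return (scope, finding) pairs for settings that affect DHCP assignment."""
    sections = parse_sections(config)
    findings = []
    if "no vpn-addr-assign dhcp" in sections:
        findings.append(("global", "dhcp-assignment-disabled"))
    for header, body in sections.items():
        match = re.fullmatch(r"tunnel-group (\S+) general-attributes", header)
        if not match:
            continue
        group = match.group(1)
        opts = dict(cmd.split(None, 1) for cmd in body if " " in cmd)
        if "dhcp-server" not in opts:
            findings.append((group, "no-dhcp-server"))
        if "address-pool" in opts:
            findings.append((group, "local-pool-still-attached"))
        # Assumption: with no default-group-policy line, DfltGrpPolicy applies.
        policy = opts.get("default-group-policy", "DfltGrpPolicy")
        policy_body = sections.get(f"group-policy {policy} attributes", [])
        if not any(c.startswith("dhcp-network-scope ") for c in policy_body):
            findings.append((group, "no-dhcp-network-scope"))
    return findings
```

Calling `audit_dhcp_assignment(SAMPLE_CONFIG)` returns one finding, `("firstgroup", "local-pool-still-attached")`; an empty list means all three settings are present and no local pool is attached to the tunnel group.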

Author Closing Comment

by:Ahricomambo
ID: 39765068
Thanks max! Really helps! Just need to read more for these basic settings.
