Solved

CISCO ASA5512-K9 EXTERNAL DHCP CONFIGURATION FOR VPN CLIENTS

Posted on 2014-01-07
Last Modified: 2014-01-08
Hello,
I'm trying to configure my Cisco ASA5512 to point to a DHCP server for my VPN clients.
If I configure a local pool in the ASA, it's able to assign IP addresses to my VPN clients with no issues. However, when I configure the ASA to point to the core which has the DHCP pool, it's not assigning the IP addresses to my VPN clients. Is this a bug? If not, can you provide me with the conf for that setup? Many thanks.
Question by:Ahricomambo
4 Comments
 

Expert Comment

by:max_the_king
ID: 39764614

Author Comment

by:Ahricomambo
ID: 39764799
Hello Max, thanks for the info but that's not what I'm looking for. It might be that I didn't explain the scenario clearly.

Please refer below for a clearer breakdown of the issue.

My network devices: 1x ASA 5512-K9 SSL VPN firewall, Cisco 3560 48pt PoE switch.
Device function:
1. The 3560 48pt PoE switch is our core switch and currently acts as the DHCP server.
2. The ASA 5512-K9 is for VPN connection using SSL VPN.
Expected behavior:
1. Once the VPN client logs in to the network using Cisco AnyConnect, it goes to the VPN firewall and the VPN firewall will authenticate the username and password.

Once authenticated, the VPN firewall will request an IP address from the core switch (which, as mentioned, acts as a DHCP server). Once the core switch allocates an IP address, this will be sent back to the VPN firewall, associating the IP address with the username.

Once done, the VPN server will pass the authenticated username and password and IP address back to the client's PC.

Actual behavior:
1. (Follow step 1 of the expected behavior section.)
2. Once authenticated, the IP address for this VPN client will be given by the local pool configured inside the VPN firewall, then the IP address and the authenticated username and password are sent back to the VPN client.

Summary and user request:
1. DHCP IP addresses for SSL VPN clients should be allocated and assigned in the core switch and not via the VPN firewall's local pool.

Is this possible?

Accepted Solution

by:
max_the_king earned 2000 total points
ID: 39764815
Hi,
Yes, it should. Here is an example:

 A summary of the configuration that these examples create follows:

hostname(config)# vpn-addr-assign dhcp
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# dhcp-server 172.33.44.19
hostname(config-general)# exit
hostname(config)# group-policy remotegroup internal
hostname(config)# group-policy remotegroup attributes
hostname(config-group-policy)# dhcp-network-scope 192.86.0.0

You can find the full explanation at:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnadd.html

Hope this helps
max
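
The three pieces configured in the answer above (DHCP assignment enabled, a `dhcp-server` on the tunnel group, a `dhcp-network-scope` on the group policy) can be checked against a saved running-config; this is an added example, not part of the original answer or of Cisco's documentation. It assumes running-config layout (sub-commands indented under their section), that the tunnel group is tied to its policy with `default-group-policy`, and that DHCP assignment is on unless negated; the sample configs and the pool name `VPNPOOL` are constructed.

```python
# Constructed running-config excerpts (not from a real device);
# UNLINKED swaps the group-policy link for a local pool reference.
LINKED = """\
tunnel-group firstgroup type ipsec-ra
tunnel-group firstgroup general-attributes
 default-group-policy remotegroup
 dhcp-server 172.33.44.19
group-policy remotegroup internal
group-policy remotegroup attributes
 dhcp-network-scope 192.86.0.0
"""
UNLINKED = LINKED.replace(" default-group-policy remotegroup\n",
                          " address-pool VPNPOOL\n")

def parse_sections(config):
    """Map each top-level line to the indented sub-commands under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def check_dhcp_assignment(config, group):
    """Return findings about DHCP address assignment for tunnel group `group`."""
    sec = parse_sections(config)
    findings = []
    # Assumption: DHCP assignment is enabled unless explicitly negated.
    if "no vpn-addr-assign dhcp" in sec:
        findings.append("vpn-addr-assign dhcp is disabled")
    general = sec.get(f"tunnel-group {group} general-attributes", [])
    if not any(c.startswith("dhcp-server ") for c in general):
        findings.append(f"tunnel-group {group} has no dhcp-server")
    if any(c.startswith("address-pool ") for c in general):
        findings.append(f"tunnel-group {group} still references a local address-pool")
    # Assumption: without default-group-policy the group uses DfltGrpPolicy.
    policy = next((c.split()[1] for c in general
                   if c.startswith("default-group-policy ")), "DfltGrpPolicy")
    attrs = sec.get(f"group-policy {policy} attributes", [])
    if not any(c.startswith("dhcp-network-scope ") for c in attrs):
        findings.append(f"group-policy {policy} has no dhcp-network-scope")
    return findings
```

An empty list for `LINKED` means all three pieces are present and connected; `UNLINKED` reports the leftover local pool and the scope missing from the policy the tunnel group actually uses.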

Author Closing Comment

by:Ahricomambo
ID: 39765068
Thanks max! Really helps! Just need to read more for these basic settings.