Solved

What VPN DHCP solution do you use?

Posted on 2014-12-14
3
111 Views
Last Modified: 2016-01-16
Hi, just wondering what DHCP VPN solution people use for their DNS resolution on VPN remote client.
Currently, we use Cisco ASA and Vital QIP with option 61(client ID).

Initially, Cisco ASA did not support QIP DHCP, but they came up with their workaround as below:
https://tools.cisco.com/quickview/bug/CSCsr96775 - this is published on May 2014.

Above workaround suggests to use DHCP proxy with ClientID feature. However, as [QIP DHCP known bugs and fixes] states, it looks like some of VPN DHCP related bugs not even scheduled to fix yet - The latest bug doc is written 12-1-2014.

How do you support DHCP and DNS resolution for VPN remote users ?
Please share any thought and advice. I am having lots of trouble to utilize Cisco ASA dhcp proxy with Vital QIP.
0
Comment
Question by:ejh3an9
3 Comments
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 40499576
My ASA hands out the IP addresses. I have VPN profiles to determine which address pool the user gets an address from. For example, regular users get addresses from one pool, and power users get addresses from another pool.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40500411
What kevinhsieh said.  And within the group configuration I define whatever DNS servers the inside individuals use.
0
 

Expert Comment

by:Cire Mik
ID: 41416304
Some version of QIP DHCP have MAC address/Client ID related issues. It would not show in the typical DHCP request traffic but as it gets more DHCP request loads from ASA ,using DHCP proxy, it eventually crashes QIP DB - this known issue has been fixed in the latest QDHCP module. Also, do not forget to turn on your Client ID feature on the DHCP server this is more-like server level change.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now