Anyconnect VPN client, NPS and DHCP

Hey Guys!

Trying to get our VPN clients to authenticate through NPS (works swimmingly) and receive a DHCP address handed out by Windows server (not possible).  I would like this to pull from a separate scope but I'm just trying to get anything at this point.

I'm able to have NPS assign a static IP address to the client, but whenever select any of the other options in the policy, the assignment tanks.

What am I missing?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CruizectrlAuthor Commented:
I also wanted to add, that I'm able to authenticate LOCAL and use our 2008 server for DHCP swimmingly, but only if I use our main scope.  I created a separate VPN scope to use, but I'm having trouble figuring out how to get our authenticating clients to take a address from that pool.
bbaoIT ConsultantCommented:
>  I created a separate VPN scope to use,

in the same subnet (the same network and mask of the main scope?
CruizectrlAuthor Commented:
So my internal clients are pulling 10.228.x.x and I would like my VPN clients to pull 10.221.x.x.

Later down the road, I would manage dhcp for our remote tunnel site which has 10.229.x.x
Pete LongTechnical ConsultantCommented:
You can set the AnyConenct clients to use a different scope but the address declared on the firewall needs to be routable from the DHCP server!

AnyConnect Client Fails To Get IP From Windows DHCP Server


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CruizectrlAuthor Commented:
Of course it was something stupid.

The dhcp-network-scope needs to be an actual IP inside the scope range.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.