cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
109
Views
0
Helpful
2
Replies
Highlighted

DHCP-relay for AnyConnect on IOS router

Hi,

What do I have to configure on an IOS router, so that the DHCP request from an AnyConnect client are forwarded to a Microsoft DHCP server. Is that even possible or does it work only with a local IP pool (ip local pool POOL-NAME START-IP END-IP)

 

I’ve tried the following configuration, but the client doesn’t get an IP address from the DHCP server  and still uses the local IP address pool. When I remove the pool command, no AnyConnect connection to the router is possible.

 

crypto ikev2 authorization policy ikev2-author-policy_AnyConnect

 pool pool_AnyConnect

 dhcp server 10.131.5.98 <- DHCP server IP is reachable from the router

 dhcp giaddr 10.131.10.0 <- scope for the AnyConnect clients is created and active on the DHCP server

 dhcp timeout 10

 dns 10.131.5.99

 netmask 255.255.255.0

 def-domain DOMAIN-NAME

 route set access-list acl_split-tunnel

 

ip local pool pool_AnyConnect 10.131.8.128 10.131.8.254

 

Thank you in advance for the help!

 

Mike

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Contributor

You need to add a Loopback Interface with an IP from the VPN Subnet. You also need to use this IP for command dhcp giaddr. Remove pool pool_AnyConnect from this subconfig. Netmask is also not necessary as this parameter comes from DHCP Server. You need DNS and def-domain settings as DHCP will only offer you an IP/Subnet.

 

Your config should look like this:

 

interface Loopback1
description VPN Loopback
ip address 10.131.10.1 255.255.255.0
!
crypto ikev2 authorization policy ikev2-author-policy_AnyConnect dhcp server 10.131.5.98 dhcp giaddr 10.131.10.1 dhcp timeout 10 dns 10.131.5.99 def-domain DOMAIN-NAME route set access-list acl_split-tunnel

You can troubleshoot this by enabling DHCP client activity debugging > debug dhcp

 

View solution in original post

2 REPLIES 2
Highlighted
Rising star

RFC 3011
RFC 3527
this RCF need for DHCP to work with VPN client, 
I really don't know exactly how it work but I will be interest to make your config work.
so enable this option in DHCP server, and from my site i will try to find any example of DHCP with router IOS any connect.

Highlighted
Contributor

You need to add a Loopback Interface with an IP from the VPN Subnet. You also need to use this IP for command dhcp giaddr. Remove pool pool_AnyConnect from this subconfig. Netmask is also not necessary as this parameter comes from DHCP Server. You need DNS and def-domain settings as DHCP will only offer you an IP/Subnet.

 

Your config should look like this:

 

interface Loopback1
description VPN Loopback
ip address 10.131.10.1 255.255.255.0
!
crypto ikev2 authorization policy ikev2-author-policy_AnyConnect dhcp server 10.131.5.98 dhcp giaddr 10.131.10.1 dhcp timeout 10 dns 10.131.5.99 def-domain DOMAIN-NAME route set access-list acl_split-tunnel

You can troubleshoot this by enabling DHCP client activity debugging > debug dhcp

 

View solution in original post

Content for Community-Ad