Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
0
Helpful
2
Replies

DHCP-relay for AnyConnect on IOS router

Go to solution
Mike-Zimmermann
Level 1
Level 1

‎12-08-2020 08:45 AM

Hi,

What do I have to configure on an IOS router, so that the DHCP request from an AnyConnect client are forwarded to a Microsoft DHCP server. Is that even possible or does it work only with a local IP pool (ip local pool POOL-NAME START-IP END-IP)

 

I’ve tried the following configuration, but the client doesn’t get an IP address from the DHCP server  and still uses the local IP address pool. When I remove the pool command, no AnyConnect connection to the router is possible.

 

crypto ikev2 authorization policy ikev2-author-policy_AnyConnect

 pool pool_AnyConnect

 dhcp server 10.131.5.98 <- DHCP server IP is reachable from the router

 dhcp giaddr 10.131.10.0 <- scope for the AnyConnect clients is created and active on the DHCP server

 dhcp timeout 10

 dns 10.131.5.99

 netmask 255.255.255.0

 def-domain DOMAIN-NAME

 route set access-list acl_split-tunnel

 

ip local pool pool_AnyConnect 10.131.8.128 10.131.8.254

 

Thank you in advance for the help!

 

Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rene Mueller
Level 5
Level 5

‎12-09-2020 02:36 AM

You need to add a Loopback Interface with an IP from the VPN Subnet. You also need to use this IP for command dhcp giaddr. Remove pool pool_AnyConnect from this subconfig. Netmask is also not necessary as this parameter comes from DHCP Server. You need DNS and def-domain settings as DHCP will only offer you an IP/Subnet.

 

Your config should look like this:

 

interface Loopback1
description VPN Loopback
ip address 10.131.10.1 255.255.255.0
!
crypto ikev2 authorization policy ikev2-author-policy_AnyConnect
 dhcp server 10.131.5.98
 dhcp giaddr 10.131.10.1
 dhcp timeout 10
 dns 10.131.5.99 
 def-domain DOMAIN-NAME
 route set access-list acl_split-tunnel

You can troubleshoot this by enabling DHCP client activity debugging > debug dhcp

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
MHM Cisco World
VIP
VIP

‎12-08-2020 05:51 PM

RFC 3011
RFC 3527
this RCF need for DHCP to work with VPN client, 
I really don't know exactly how it work but I will be interest to make your config work.
so enable this option in DHCP server, and from my site i will try to find any example of DHCP with router IOS any connect.

0 Helpful

Go to solution
Rene Mueller
Level 5
Level 5

‎12-09-2020 02:36 AM

You need to add a Loopback Interface with an IP from the VPN Subnet. You also need to use this IP for command dhcp giaddr. Remove pool pool_AnyConnect from this subconfig. Netmask is also not necessary as this parameter comes from DHCP Server. You need DNS and def-domain settings as DHCP will only offer you an IP/Subnet.

 

Your config should look like this:

 

interface Loopback1
description VPN Loopback
ip address 10.131.10.1 255.255.255.0
!
crypto ikev2 authorization policy ikev2-author-policy_AnyConnect
 dhcp server 10.131.5.98
 dhcp giaddr 10.131.10.1
 dhcp timeout 10
 dns 10.131.5.99 
 def-domain DOMAIN-NAME
 route set access-list acl_split-tunnel

You can troubleshoot this by enabling DHCP client activity debugging > debug dhcp

 

0 Helpful
Customers Also Viewed These Support Documents