Beginner

FTD RA VPN - DHCP Server configuration not working

Hi.

I have a problem with RA VPN DHCP configuration. VPN users get an IP address from the local pool just fine, but when I try to use my Windows Server 2012 R2 DHCP server, I get the following errors and it always falls back to the local pool:

 

IPAA: Session=0x0000e000, DHCP request attempt 1 failed

IPAA: Session=0x0000e000, DHCP configured, request failed for tunnel-group 'DefaultWEBVPNGroup'

IPAA: Session=0x0000e000, Client assigned 172.16.10.13 from local pool VPN_user

IPAA: Session=0x0000e000, Local pool request succeeded for tunnel-group 'DefaultWEBVPNGroup'

 

On the Windows Server side I cannot see any logs pointing to this, so I guess the request never reaches the server.

 

Now, what I have done, following the documentation I could find:

- Defined the DHCP server address (172.16.0.20) in the Connection Profile

- Defined the Address Pools (172.16.10.10-172.16.10.150) in Connection Profile and Group Policy

- Defined a DHCP Network Scope (172.16.10.0) in Group Policy and in the Windows Server

 

It seems like the FTD cannot find the DHCP server, but my DHCP Relay settings are working just fine for the same server. Any advice? Thanks.

5 REPLIES
RJI Advisor
Advisor

Re: FTD RA VPN - DHCP Server configuration not working

Hi,
I recently set up FTD RAVPN (v6.4.5) with DHCP and it worked first time without issue, no special configuration that I can recall. Which FTD version are you running?

To troubleshoot run a packet capture on the server end and see if the DHCP server receives the DHCP "discover" packet from the FTD. Enable DHCP debugging on the FTD (debug dhcprelay error|event|packet) - and check to see if the DHCP request was even made. Upload the debug output for review if necessary.
Beginner

Re: FTD RA VPN - DHCP Server configuration not working

Hi.

 

I'm running the latest version 6.5.0.2. 

 

I enabled debugging for error, event and packet but connecting the VPN client does not produce any debug log entries. I can see other dhcp relay debug logs just fine. Again I just get the same error in the logs:

 

IPAA: Session=0x00020000, DHCP request attempt 1 failed

IPAA: Session=0x00020000, DHCP configured, request failed for tunnel-group 'DefaultWEBVPNGroup'

 

 

Beginner

Re: FTD RA VPN - DHCP Server configuration not working

Any advice on what to do next? It seems like the FTD is not making the dhcp request at all for the RA VPN. Although in the log I can find "DHCP Configured".

RJI Advisor
Advisor

Re: FTD RA VPN - DHCP Server configuration not working

Do you have a route on your core switch for the RAVPN subnet pointing to the FTD?
Did you run a packet capture on the DHCP server? Did you see any DHCP Discover packets from the FTD IP address?
Beginner

Re: FTD RA VPN - DHCP Server configuration not working

Hi.

 

All the routing is done in the FTD device, I only have layer 2 switches. On the FTD I only have the default route atm.

 

Packet capture on the DHCP server doesn't show any traffic originating from the FTD IP.
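The IPAA debug lines quoted in this thread can be checked mechanically to see which VPN sessions failed DHCP and which of them were then served from the local pool. The following is an added example, not part of any post in the thread; the function name `summarize` and the status strings are assumptions, and the sample input is copied from the debug lines in the posts above.

```python
import re

# Sample input: IPAA debug lines copied from the two posts in this thread.
SAMPLE = """\
IPAA: Session=0x0000e000, DHCP request attempt 1 failed
IPAA: Session=0x0000e000, DHCP configured, request failed for tunnel-group 'DefaultWEBVPNGroup'
IPAA: Session=0x0000e000, Client assigned 172.16.10.13 from local pool VPN_user
IPAA: Session=0x0000e000, Local pool request succeeded for tunnel-group 'DefaultWEBVPNGroup'
IPAA: Session=0x00020000, DHCP request attempt 1 failed
IPAA: Session=0x00020000, DHCP configured, request failed for tunnel-group 'DefaultWEBVPNGroup'
"""

LINE = re.compile(r"IPAA: Session=(0x[0-9a-fA-F]+), (.*)")
ATTEMPT = re.compile(r"DHCP request attempt (\d+) failed")
DHCP_FAIL = re.compile(r"DHCP configured, request failed for tunnel-group '([^']+)'")
LOCAL = re.compile(r"Client assigned (\S+) from local pool (\S+)")


def summarize(text):
    """Group IPAA lines by session ID and classify each session's outcome."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an IPAA line; ignore other debug output
        sid, msg = m.groups()
        s = sessions.setdefault(sid, {"attempts": 0, "dhcp_failed": False,
                                      "group": None, "address": None, "pool": None})
        if (a := ATTEMPT.search(msg)):
            s["attempts"] = max(s["attempts"], int(a.group(1)))
            s["dhcp_failed"] = True
        elif (f := DHCP_FAIL.search(msg)):
            s["dhcp_failed"] = True
            s["group"] = f.group(1)
        elif (l := LOCAL.search(msg)):
            s["address"], s["pool"] = l.groups()
    for s in sessions.values():
        if s["dhcp_failed"] and s["pool"]:
            s["status"] = "fell back to local pool"
        elif s["dhcp_failed"]:
            # The excerpt ends before any assignment line for this session.
            s["status"] = "DHCP failed, no assignment logged"
        else:
            s["status"] = "no DHCP failure logged"
    return sessions


if __name__ == "__main__":
    for sid, s in summarize(SAMPLE).items():
        print(sid, s["group"], s["status"], s["address"] or "-", s["pool"] or "-")
```
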
