I have a problem with RA VPN DHCP configuration. VPN users get an IP address from the local pool just fine, but when I try to use my Windows Server 2012 R2 DHCP server, I get the following errors and it always falls back to the local pool:
IPAA: Session=0x0000e000, DHCP request attempt 1 failed
IPAA: Session=0x0000e000, DHCP configured, request failed for tunnel-group 'DefaultWEBVPNGroup'
On the Windows Server side I cannot see any logs pointing to this, so I guess the request never reaches the server.
Here is what I have done, following the documentation I could find:
- Defined the DHCP server address (172.16.0.20) in the Connection Profile
- Defined the Address Pools (172.16.10.10-172.16.10.150) in Connection Profile and Group Policy
- Defined a DHCP Network Scope (172.16.10.0) in Group Policy and in the Windows Server
It seems like the FTD cannot find the DHCP server, but my DHCP Relay settings are working just fine for the same server. Any advice? Thanks.
I'm running the latest version 22.214.171.124.
I enabled debugging for error, event and packet, but connecting the VPN client does not produce any debug log entries. I can see other DHCP relay debug logs just fine. Again, I just get the same error in the logs:
Any advice on what to do next? It seems like the FTD is not making the DHCP request at all for the RA VPN, although in the log I can find "DHCP Configured".
All the routing is done in the FTD device, I only have layer 2 switches. On the FTD I only have the default route atm.
Packet capture on the DHCP server doesn't show any traffic originating from the FTD IP.