04-29-2020 09:30 AM
Hi,
Anyconnect VPN users are not getting correct DHCP lease time.
even though its configured for 5 days on windows server its gets expired in 45 mins.
Other scopes on the server are given the correct lease time. Only scope used by the ASA is having issues.
can anyone please shed some light on this issue.
regards
Sam
04-29-2020 10:18 AM
can you provide any connect configuraiton from ASA, also DHCP Scope config screen shot (is this from ASA or DHCP windows ?)
04-30-2020 05:49 AM
04-30-2020 06:07 AM
Does you both DHCP doing a replication. you configuration looks good.
here this link will provide you more control if you want the DHCP to hand out the ip address according to RFC
tunnel-group NETWORKOPS type remote-access tunnel-group NETWORKOPS general-attributes dhcp-server subnet-selection (server ip) (3011) dhcp-server link-selection (server ip) (3527) authentication-server-group SecureID-SVRs authorization-server-group NETWORKOPS-LDAP authorization-server-group (INSIDE) NETWORKOPS-LDAP default-group-policy NOACCESS-GP dhcp-server 172.24.4.32 dhcp-server 172.28.144.234 authorization-required
04-30-2020 11:04 AM
Hi Sheraz,
Thanks for the feedback. I will check on this..
Regards
Sam
04-30-2020 12:07 PM - edited 04-30-2020 03:09 PM
can you try these command and show the output of them please.
! tunnel-group DefaultWEBVPNGROUP_general-attributes dhcp-server 172.24.4.32 ! debug dhcprelay packet
!
show logging | i IPAA
05-01-2020 04:10 AM
Hi Sheraz,
sure, i will check and share the log
Regards
Sam
06-22-2020 09:47 AM
Hi,
We are having the same issue. Any fix on this?
01-06-2021 09:46 AM
Hi there,
is there a solution for this problem? We have the same problem and I know it is because of the Failover Configuration of the DHCP Server itself. It looks like RA clients get the the Failover Max Client Lead Time (MCLT) instead of the configured Lease duration time.
09-23-2021 11:34 AM
Same issue here.
Are there any solutions?
10-07-2021 09:02 AM
TAC told me that there is no solution for this with ASA. Our had to disable failover for the VPN Scope in DHCP settings. We then splitted the scope on 2 DHCP server with upper and lower IP range.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide