cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1207
Views
5
Helpful
8
Replies
Highlighted
Beginner

Cisco ASA - AnyConnect clients not getting correct DHCP lease time

Hi,

 

Anyconnect VPN users are not getting correct DHCP lease time.

 

even though its configured for 5 days on windows server its gets expired in 45 mins.

 

Other scopes on the server are given the correct lease time. Only scope used by the ASA is having issues.

can anyone please shed some light on this issue.

 

regards

Sam

8 REPLIES 8
Highlighted
VIP Expert

can you provide any connect configuraiton from ASA, also DHCP Scope config screen shot (is this from ASA or DHCP windows ?)



BB


*** Rate All Helpful Responses ***

Highlighted

HI 

 

i have attched AC config and DHCP scope screen,pls advise

 

regards

Sam

Highlighted

Does you both DHCP doing a replication. you configuration looks good.

here this link will provide you more control if you want the DHCP to hand out the ip address according to RFC

 

tunnel-group NETWORKOPS type remote-access
tunnel-group NETWORKOPS general-attributes
 dhcp-server subnet-selection (server ip)      (3011)
 dhcp-server link-selection (server ip)        (3527)
 authentication-server-group SecureID-SVRs
 authorization-server-group NETWORKOPS-LDAP
 authorization-server-group (INSIDE) NETWORKOPS-LDAP
 default-group-policy NOACCESS-GP
 dhcp-server 172.24.4.32
 dhcp-server 172.28.144.234
 authorization-required

 

please do not forget to rate.
Highlighted

Hi Sheraz, 

 

Thanks for the feedback. I will check on this..

 

Regards

Sam

Highlighted

can you try these command and show the output of them please.

!
tunnel-group DefaultWEBVPNGROUP_general-attributes
 dhcp-server 172.24.4.32
!
debug dhcprelay packet
!
show logging | i IPAA

 

please do not forget to rate.
Highlighted

Hi Sheraz,

 

sure, i will check and share the log

 

Regards

Sam

Highlighted

Hi,

 

We are having the same issue.  Any fix on this?

Highlighted
Contributor

Hi there,

is there a solution for this problem? We have the same problem and I know it is because of the Failover Configuration of the DHCP Server itself. It looks like RA clients get the the Failover Max Client Lead Time (MCLT) instead of the configured Lease duration time.

Content for Community-Ad