Anyconnect VPN users are not getting correct DHCP lease time.
even though its configured for 5 days on windows server its gets expired in 45 mins.
Other scopes on the server are given the correct lease time. Only scope used by the ASA is having issues.
can anyone please shed some light on this issue.
Does you both DHCP doing a replication. you configuration looks good.
here this link will provide you more control if you want the DHCP to hand out the ip address according to RFC
tunnel-group NETWORKOPS type remote-access tunnel-group NETWORKOPS general-attributes dhcp-server subnet-selection (server ip) (3011) dhcp-server link-selection (server ip) (3527) authentication-server-group SecureID-SVRs authorization-server-group NETWORKOPS-LDAP authorization-server-group (INSIDE) NETWORKOPS-LDAP default-group-policy NOACCESS-GP dhcp-server 172.24.4.32 dhcp-server 172.28.144.234 authorization-required
can you try these command and show the output of them please.
! tunnel-group DefaultWEBVPNGROUP_general-attributes dhcp-server 172.24.4.32 ! debug dhcprelay packet
show logging | i IPAA
is there a solution for this problem? We have the same problem and I know it is because of the Failover Configuration of the DHCP Server itself. It looks like RA clients get the the Failover Max Client Lead Time (MCLT) instead of the configured Lease duration time.