Cisco ASA - AnyConnect clients not getting correct DHCP lease time

samarthashetty
Level 1

Hi,

AnyConnect VPN users are not getting the correct DHCP lease time.

Even though it's configured for 5 days on the Windows server, it gets expired in 45 mins.

Other scopes on the server are given the correct lease time. Only the scope used by the ASA is having issues.

Can anyone please shed some light on this issue?

Regards

Sam

10 Replies

balaji.bandi
Hall of Fame

Can you provide the AnyConnect configuration from the ASA, and also a DHCP scope config screenshot (is this from the ASA or Windows DHCP?)

BB


Hi,

I have attached the AC config and DHCP scope screen, please advise.

Regards

Sam

Are both of your DHCP servers doing replication? Your configuration looks good.

Here, this link will give you more control if you want the DHCP to hand out the IP address according to RFC

 

tunnel-group NETWORKOPS type remote-access
tunnel-group NETWORKOPS general-attributes
 dhcp-server subnet-selection (server ip)      (3011)
 dhcp-server link-selection (server ip)        (3527)
 authentication-server-group SecureID-SVRs
 authorization-server-group NETWORKOPS-LDAP
 authorization-server-group (INSIDE) NETWORKOPS-LDAP
 default-group-policy NOACCESS-GP
 dhcp-server 172.24.4.32
 dhcp-server 172.28.144.234
 authorization-required

 

please do not forget to rate.

Hi Sheraz, 

 

Thanks for the feedback. I will check on this.

 

Regards

Sam

Can you try these commands and show their output, please?

!
tunnel-group DefaultWEBVPNGROUP general-attributes
 dhcp-server 172.24.4.32
!
debug dhcprelay packet
!
show logging | i IPAA

 

please do not forget to rate.

Hi Sheraz,

 

Sure, I will check and share the log.

 

Regards

Sam

Hi,

 

We are having the same issue.  Any fix on this?

Rene Mueller
Level 5

Hi there,

Is there a solution for this problem? We have the same problem and I know it is because of the Failover Configuration of the DHCP Server itself. It looks like RA clients get the Failover Max Client Lead Time (MCLT) instead of the configured Lease duration time.

Same issue here. 

Are there any solutions? 

TAC told me that there is no solution for this with ASA. We had to disable failover for the VPN Scope in DHCP settings. We then split the scope across 2 DHCP servers with upper and lower IP ranges.
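
To confirm whether the short lease is already present in the DHCP server's reply to the ASA (as the MCLT explanation in this thread suggests), the reply can be decoded and option 51 read directly. This is an added example, not code from any poster in this thread; the function names are hypothetical and the sample packet is constructed, reusing a server address from the sample config above and the 5-day and 45-minute values from the original post.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options field
FIXED_LEN = 236                     # fixed BOOTP header that precedes the cookie
MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} for a DHCP message (the UDP payload)."""
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing or packet truncated")
    opts, i = {}, FIXED_LEN + 4
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        code = payload[i]
        if code == 0:                               # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError(f"option {code} has no length byte")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the packet")
        opts[code] = opts.get(code, b"") + value    # RFC 3396: split options concatenate
        i += 2 + length
    return opts

def check_lease(payload: bytes, scope_lease_s: int) -> dict:
    """Compare option 51 (lease time) in a server reply with the scope's configured lease."""
    opts = parse_options(payload)
    if len(opts.get(51, b"")) != 4 or len(opts.get(54, b"")) != 4:
        raise ValueError("reply lacks a 4-byte lease time (51) or server identifier (54)")
    lease_s = struct.unpack("!I", opts[51])[0]
    return {
        "type": MSG_TYPES.get((opts.get(53) or b"\x00")[0], "OTHER"),
        "server": socket.inet_ntoa(opts[54]),
        "lease_s": lease_s,
        "matches_scope": lease_s == scope_lease_s,
    }

# Constructed sample reply (not a capture from the thread): a DHCPACK from 172.24.4.32
# carrying a 45-minute lease, checked against the 5-day lease configured on the scope.
SAMPLE_ACK = (bytes([2, 1, 6, 0]) + bytes(FIXED_LEN - 4) + MAGIC_COOKIE
              + b"\x35\x01\x05" + b"\x36\x04" + socket.inet_aton("172.24.4.32")
              + b"\x33\x04" + struct.pack("!I", 45 * 60) + b"\xff")

if __name__ == "__main__":
    print(check_lease(SAMPLE_ACK, scope_lease_s=5 * 24 * 3600))
```

If `matches_scope` is false for replies captured on the server side of the ASA, the short lease originates at the DHCP server rather than on the ASA.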
