
FTD RA VPN - DHCP Server configuration not working

Elpakko
Level 1

Hi.

I have a problem with RA VPN DHCP configuration. VPN users get an IP address from the local pool just fine, but when I try to use my Windows Server 2012 R2 DHCP server, I get the following errors and it always falls back to the local pool:

 

IPAA: Session=0x0000e000, DHCP request attempt 1 failed

IPAA: Session=0x0000e000, DHCP configured, request failed for tunnel-group 'DefaultWEBVPNGroup'

IPAA: Session=0x0000e000, Client assigned 172.16.10.13 from local pool VPN_user

IPAA: Session=0x0000e000, Local pool request succeeded for tunnel-group 'DefaultWEBVPNGroup'

 

On the Windows Server side I cannot see any logs pointing to this, so I guess the request never reaches the server.

 

Now, what I have done, following the documentation I could find:

- Defined the DHCP server address (172.16.0.20) in the Connection Profile

- Defined the Address Pools (172.16.10.10-172.16.10.150) in Connection Profile and Group Policy

- Defined a DHCP Network Scope (172.16.10.0) in Group Policy and in the Windows Server

 

It seems like the FTD cannot find the DHCP server, but my DHCP Relay settings are working just fine for the same server. Any advice? Thanks.
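
An added example, not part of the original post and not Cisco tooling: a Python triage script that reads IPAA debug output in the format quoted above and lists sessions where DHCP was configured but the address was taken from the local pool instead. The function name `find_dhcp_fallbacks` is hypothetical, and session `0x0000f000` in the sample is constructed to show a session that is not flagged.

```python
import re

# Sample input: the first four lines are the debug lines quoted in the post.
# The last two (session 0x0000f000) are constructed, reusing the same formats.
SAMPLE_LOG = """\
IPAA: Session=0x0000e000, DHCP request attempt 1 failed
IPAA: Session=0x0000e000, DHCP configured, request failed for tunnel-group 'DefaultWEBVPNGroup'
IPAA: Session=0x0000e000, Client assigned 172.16.10.13 from local pool VPN_user
IPAA: Session=0x0000e000, Local pool request succeeded for tunnel-group 'DefaultWEBVPNGroup'
IPAA: Session=0x0000f000, Client assigned 172.16.10.14 from local pool VPN_user
IPAA: Session=0x0000f000, Local pool request succeeded for tunnel-group 'DefaultWEBVPNGroup'
"""

LINE = re.compile(r"^IPAA: Session=(0x[0-9a-fA-F]+), (.*)$")
ATTEMPT = re.compile(r"^DHCP request attempt (\d+) failed$")
DHCP_FAIL = re.compile(r"^DHCP configured, request failed for tunnel-group '([^']*)'$")
ASSIGNED = re.compile(r"^Client assigned (\S+) from local pool (\S+)$")

def find_dhcp_fallbacks(log_text):
    """Return one record per session that failed DHCP and fell back to a local pool."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an IPAA line, ignore
        sid, msg = m.groups()
        s = sessions.setdefault(sid, {"session": sid, "tunnel_group": None,
                                      "dhcp_attempts": 0, "dhcp_failed": False,
                                      "ip": None, "pool": None})
        if (a := ATTEMPT.match(msg)):
            s["dhcp_attempts"] = max(s["dhcp_attempts"], int(a.group(1)))
        elif (f := DHCP_FAIL.match(msg)):
            s["dhcp_failed"] = True
            s["tunnel_group"] = f.group(1)
        elif (c := ASSIGNED.match(msg)):
            s["ip"], s["pool"] = c.groups()
    # A fallback is a session where DHCP failed AND a local pool address was handed out.
    return [s for s in sessions.values() if s["dhcp_failed"] and s["ip"]]

if __name__ == "__main__":
    for rec in find_dhcp_fallbacks(SAMPLE_LOG):
        print(f"{rec['session']}: DHCP failed after {rec['dhcp_attempts']} attempt(s) "
              f"for '{rec['tunnel_group']}', fell back to {rec['ip']} "
              f"from local pool {rec['pool']}")
```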

15 Replies

Alfredo_1
Level 1

In our case, it turns out the Microsoft DHCP server requires the VPN appliance to be authorized.  Otherwise the Microsoft DHCP server will consider the FTD appliance a rogue relay and ignore requests. 

More info at https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-subnet-options
