Moving AnyConnect on ASA from internal pool to DHCP

ABaker94985

We're having a problem with PTR records not being scavenged by our DNS server for users connecting through AnyConnect. We're planning on moving away from the local pool to a DHCP server, but I'm not finding much info. Does the following configuration look OK, or do we need to adjust?

When using the local pool, the ASA handed out 172.16.192.1 as the clients' gateway, but with DHCP moving to a separate server, what will the gateway need to be?

Thanks  

 

ip local pool VPN 172.16.192.10-172.16.192.255 mask 255.255.255.0

group-policy GroupPolicy_MFA attributes
no address-pools value VPN

tunnel-group MFA general-attributes
no address-pool VPN
dhcprelay server 10.1.0.8
dhcprelay setroute inside

Accepted Solutions

@ABaker94985 example below, amend the dhcp-network-scope to fit your network.

group-policy GroupPolicy_MFA attributes
 dhcp-network-scope 192.168.16.0
tunnel-group MFA general-attributes
 dhcp-server 10.1.0.8
 default-group-policy GroupPolicy_MFA

Further information: https://integratingit.wordpress.com/2022/02/06/asa-anyconnect-vpn-dhcp-address-assignment/
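
The full change sequence for this thread's setup, as an added example that is not part of the original posts. It reuses the names on the page (tunnel-group MFA, GroupPolicy_MFA, pool VPN, DHCP server 10.1.0.8) and assumes the DHCP server has a scope for the existing 172.16.192.0/24 client range.

```cisco
! Added example, not from the thread. Assumption: the DHCP server at
! 10.1.0.8 has a scope defined for 172.16.192.0/24.

! 1. Detach the local pool from the connection profile and group policy
!    so it is no longer a source of client addresses.
tunnel-group MFA general-attributes
 no address-pool VPN
group-policy GroupPolicy_MFA attributes
 no address-pools value VPN

! 2. Make sure DHCP is permitted as an address-assignment method
!    (global setting; re-enable it if it was turned off).
vpn-addr-assign dhcp

! 3. Point the connection profile at the DHCP server, as in the answer.
!    No dhcprelay lines are used with this method.
tunnel-group MFA general-attributes
 dhcp-server 10.1.0.8
 default-group-policy GroupPolicy_MFA

! 4. Tell the ASA which scope to request addresses from. The value is a
!    network address that must match a scope on the DHCP server.
group-policy GroupPolicy_MFA attributes
 dhcp-network-scope 172.16.192.0

! 5. After a test client connects, confirm the assigned address and
!    check the lease on the DHCP server.
show vpn-sessiondb anyconnect
```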

 


I appreciate the info as always.
