Pix 515E VPN DHCP External / IP-Helper


Cisco PIX Security Appliance Software Version 8.0(2)
Device Manager Version 6.1(5)51

Running VPN on this device with an internal DHCP Pool

tunnel-group JVusergroup type remote-access
tunnel-group JVusergroup general-attributes
address-pool JVusergroup-DHCP-Pool

I would like to use an external DHCP server instead of the PIX itself. How do I relay (IP-helper) DHCP requests on the VPN policy to an external DHCP server?

Best Regards,

Steffen.

Jennifer Halim
Cisco Employee

Enable DHCP as the vpn address assignment:

vpn-addr-assign dhcp

Doc: http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1594364

And also configure the DHCP server and DHCP scope that you would like to use as stated in the above document:

tunnel-group JVusergroup general-attributes

     dhcp-server

And dhcp-network-scope to be configured on your group-policy.

Hope this helps.

Hi Jennifer

Thank you for the reply :-)

Do you also know if it is possible to make a DHCP reservation in the internal DHCP pool on the PIX 515E? Here is how the DHCP pool is configured today:

ip local pool JVusergroup-DHCP-Pool 10.31.10.10-10.31.10.254 mask 255.255.255.0

But I can't figure out how to make a reservation in that internal pool.

Regards, Steffen.

What do you mean by reservation for the internal pool?

Do you mean one unique pool to be assigned to one group? Or do you mean each user will have a statically assigned IP address?

Also, what is your authentication method? local DB on PIX or external radius/tacacs server?

Authentication: external RADIUS.

I would like to make a DHCP reservation, so that my computer always obtains the same IP address from the DHCP when connected to the VPN.

You can't use DHCP reservation for VPN IP assignment.

You can assign a specific IP address to a specific user if you use the PIX internal DB for authentication.

In your case, since you are using a RADIUS server for authentication, you can configure your RADIUS server to assign the VPN IP address, and you would need to change the VPN address assignment method on the ASA to:

vpn-addr-assign aaa
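
The two address-assignment options from the replies above, written out as one configuration sketch. This is an added example, not configuration posted by anyone in the thread; the DHCP server address 192.0.2.10, the group-policy name JVusergroup-policy, the RADIUS server group name RADIUS-VPN, its host address and key are placeholders, and the scope 10.31.10.0 is taken from the pool shown earlier.

```cisco
! ---- Option A: external DHCP server hands out the VPN client addresses ----
! Allow DHCP as an address-assignment method for remote-access clients.
vpn-addr-assign dhcp
!
! Point the tunnel group at the external DHCP server (placeholder address)
! and bind it to a group policy (placeholder name).
tunnel-group JVusergroup type remote-access
tunnel-group JVusergroup general-attributes
 dhcp-server 192.0.2.10
 default-group-policy JVusergroup-policy
!
! The scope tells the DHCP server which of its pools to allocate from.
group-policy JVusergroup-policy internal
group-policy JVusergroup-policy attributes
 dhcp-network-scope 10.31.10.0
!
! ---- Option B: RADIUS server assigns a fixed address per user ----
! Allow AAA as an address-assignment method.
vpn-addr-assign aaa
!
! RADIUS server group used for VPN authentication (placeholder name,
! host and key).
aaa-server RADIUS-VPN protocol radius
aaa-server RADIUS-VPN (inside) host 192.0.2.20
 key <shared-secret>
!
tunnel-group JVusergroup general-attributes
 authentication-server-group RADIUS-VPN
!
! On the RADIUS server itself, return the IETF Framed-IP-Address
! attribute (attribute 8) in the Access-Accept for each user that
! needs a fixed address; that value becomes the client's VPN address.
```

With Option B the same user always receives the same address, which is the behaviour the DHCP reservation was meant to provide.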
