05-14-2012 11:59 PM - edited 03-11-2019 04:07 PM
Cisco PIX Security Appliance Software Version 8.0(2)
Device Manager Version 6.1(5)51
Running VPN on this device with an internal DHCP Pool
tunnel-group JVusergroup type remote-access
tunnel-group JVusergroup general-attributes
address-pool JVusergroup-DHCP-Pool
I would like to use an external DHCP instead of the PIX itself. How do I relay (IP-helper) DHCP requests on the VPN policy to an external DHCP server?
Best Regards,
Steffen.
05-15-2012 12:27 AM
Enable DHCP as the vpn address assignment:
vpn-addr-assign dhcp
Doc: http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1594364
And also configure the DHCP server and DHCP scope that you would like to use as stated in the above document:
tunnel-group JVusergroup general-attributes
dhcp-server
And dhcp-network-scope to be configured on your group-policy.
Hope this helps.
05-16-2012 12:29 AM
Hi Jennifer
Thank you for the reply :-)
Do you also know if it is possible to make a DHCP reservation in the internal DHCP pool on the PIX 515e? Here is how the DHCP pool is configured today:
ip local pool JVusergroup-DHCP-Pool 10.31.10.10-10.31.10.254 mask 255.255.255.0
But I can't figure out how to make a reservation in that internal pool.
Regards, Steffen.
05-16-2012 12:32 AM
What do you mean by reservation for the internal pool?
Do you mean one unique pool to be assigned to one group? Or do you mean each user will have a statically assigned IP address?
Also, what is your authentication method? local DB on PIX or external radius/tacacs server?
05-16-2012 12:35 AM
Authentication: external RADIUS.
I would like to make a DHCP reservation, so that my computer always obtains the same IP address from the DHCP when connected to the VPN.
05-16-2012 04:29 AM
You can't use DHCP reservation for VPN IP assignment.
You can assign specific IP Address to specific user if you use PIX internal DB for authentication.
In your case, since you are using a RADIUS server for authentication, you can configure your RADIUS server to assign the VPN IP address, and you would need to change the VPN address assignment method on the ASA to:
vpn-addr-assign aaa