Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
753
Views
0
Helpful
2
Replies

DHCP Proxy Problem

Go to solution
royda1061
Community Member

‎06-16-2004 07:21 AM - edited ‎03-09-2019 07:46 AM

I'm using the "DHCP Network Scope" field in order to provide a specific scope for a Group of users. The VPN concentrator for the DHCP Discover request uses its own IP address into the IP source field and inserts into the GIADDR field of the DHCP Discover message the "DHCP Network Scope" information. The DHCP server then uses the GIADDR as the return address and consequently my VPN concentrator doesn't receive the DHCP Offer.

Does anybody have a solution or information?

Thanks.

Regards.

David Roy.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎06-16-2004 05:20 PM

You need to set up the routing on your internal network so that whatever subnet you've defined is routed back to the private interface of the concentrator.

For example, let's say you put 200.1.1.1 into the DHCP Network Scope field under the Group parameters. This IP address then gets put into the GIADDR field in the DHCP request the concentrator sends out. The reply from the DHCP server will be unicast back to 200.1.1.1, with an IP address in the 200.1.1.0 subnet allocated within the DHCP packet. Your internal network needs to route this network back to the private IP address of the concentrator, not just for the DHCP reply to make it back, but for the subsequent replies to all the VPN clients packets to make it back also.

You can't allocate a DHCP Network Scope for some existing subnet on your network, because when the VPN clients send packets, all the replies back to them will be routed off to this existing subnet. The replies to the VPN clients, including the reply to the initial DHCP request from the concentrator, needs to be routed back to the concentrator itself.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎06-16-2004 05:20 PM

You need to set up the routing on your internal network so that whatever subnet you've defined is routed back to the private interface of the concentrator.

For example, let's say you put 200.1.1.1 into the DHCP Network Scope field under the Group parameters. This IP address then gets put into the GIADDR field in the DHCP request the concentrator sends out. The reply from the DHCP server will be unicast back to 200.1.1.1, with an IP address in the 200.1.1.0 subnet allocated within the DHCP packet. Your internal network needs to route this network back to the private IP address of the concentrator, not just for the DHCP reply to make it back, but for the subsequent replies to all the VPN clients packets to make it back also.

You can't allocate a DHCP Network Scope for some existing subnet on your network, because when the VPN clients send packets, all the replies back to them will be routed off to this existing subnet. The replies to the VPN clients, including the reply to the initial DHCP request from the concentrator, needs to be routed back to the concentrator itself.

0 Helpful

Go to solution
royda1061
Community Member
In response to gfullage

‎06-22-2004 01:47 AM

Thank you for your help.

I've tested it. This configuration works well.

Regards.

0 Helpful
Customers Also Viewed These Support Documents