Showing results for 
Search instead for 
Did you mean: 

Configuring DHCP Intercept on the VPN 3000 Concentrator for L2TP/IPSec client connections




This document describes the configuration steps for DHCP intercept on the VPN 3000 concentrator.


What is DHCP?

DHCP means Dynamic Host Configuration Protocol and is used to assign IP's autromatically to hosts when connected to a network. DHCP enables a framework which ensures the passing of configuration to hosts on a TCPIP network. DHCP consists of Bootstrap Protocol (BOOTP).


When a host is connected  it makes a request to a DHCP server that may or may not reside on the same subnet. The automatic distribution of IP configuration to the hosts make it easy for the network administrator to maintaining IP. DHCP distributes the IP address, subnet mask and default gateway to a host.


A DHCP client has to undergo a six stage process. The stages are mentioned below:

  • Initializing
  • Selecting
  • Requesting
  • Binding
  • Renewing
  • Rebinding


Dynamic Host Configuration Protocol (DHCP) Intercept uses DHCP to provide a Microsoft Layer 2 Tunnel Protocol (L2TP)/IPSec client with a subnet mask, domain name, and classless static routes.


This feature allows the VPN Concentrator to reply directly to the Microsoft client DHCP Inform message. This is useful in environments in which using a DHCP server for this purpose is not advantageous.


This feature can be configured on a per-group basis on the Client Config tab of either the Configuration > User Management > Base Group screen or the Configuration > User Management > Groups > Add or Modify screen.


For more information on the DHCP Intercept feature, see User Management.


Note: By default, DHCP intercept allocates a /24 mask. If you need the group to allow for a DHCP proxy subnet larger than a /24, go to Group > Client config > Subnet Mask and specify the required mask.