Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3634
Views
0
Helpful
0
Comments

DHCP assignment fails for Cisco VPN Clients that terminate on the Cisco ASA with software version 7.1

TCC_2
Level 10
Level 10

‎06-22-2009 04:11 PM - edited ‎03-08-2019 06:14 PM

Core issue

This issue is documented in Cisco bug ID CSCsf22066.

This problem occurs when a Cisco Adaptive Security Appliance (ASA) is configured as a DHCP proxy with the dhcp-network-scope 172.16.32.0 command for the VPN Client DHCP IP address assignment. The DHCP server used by the ASA is an external server with the 172.16.32.0/24 range of addresses available. When the VPN Client connects to the ASA and the ASA attempts to download a DHCP IP address from the external DHCP server, the ASA presents the reply giaddr (DHCP proxy-server address) to the DHCP server as 172.16.32.0 instead of its actual physical interface address. This behavior was first found in version 7.1(2).

Resolution

The only workaround for this issue is to use an internal ASA DHCP range.

Refer to the Configuring DHCP section of Configuring IP Routing and DHCP Services for more information.

ASA Models

ASA 5520

Features & Tasks

DHCP server

DHCP client

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents