IOS DHCP Server Interface

Shawn Lebbon
Level 1

I looked through the docs a bit, but couldn't find this.

I have a Router that has 3 basic interfaces. 1 LAN, 1 WAN, and 1 Virtual template that VPN users use.

I want to have the VPN users get IP addresses through a DHCP server (so we can pass specific DHCP options to them such as "register your connection name/ip in DNS"), but I don't want them conflicting with the DHCP range defined on the LAN.

We have a DHCP server already on the LAN for LAN clients. We just want a separate Server for the VPN clients, so we were thinking of running DHCP Server on the Cisco as well. However (and this is the main question) how do we ensure that the Cisco DHCP Server only responds to DHCP requests from VPN clients and not LAN clients or WAN (internet) side clients? It seems to me that it uses IP network ranges to differentiate between which interfaces to 'listen' on, but since the VPN clients get assigned addresses in the same range as clients on the LAN, I fear that it will 'listen' on both the LAN and VPN!?!?

Alternatively if you know of a better way to set this up, please suggest!

3 Replies

thisisshanky
Level 11

Shawn

If you are configuring this router for VPN Clients, you will have a dynamic crypto map defined for them.

IP addresses for clients are assigned not from a DHCP server. Instead you define a pool in the router and assign that pool to the crypto map.

crypto isakmp client configuration group Test
 key cisco
 dns 192.168.10.2 192.168.10.5
 domain test.com
 ! this is the "virtual" dhcp server
 pool VPN-POOL

The pool is defined as follows..

ip local pool VPN-POOL 192.168.40.1 192.168.40.254

The address specified in this pool can be a totally different address space used on the inside LAN. Just make sure that the inside network knows how to reach say 192.168.40.0/24 network in this case.

Let me know if you need more help with this setup...

Sankar.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Sorry, I wasn't too clear. These 'VPN' clients aren't Cisco VPN Clients, they are actually Windows Native L2TP clients connecting into the Cisco. First they connect with the crypto map settings and establish communication, then they authenticate over L2TP tunnels with PPP. Thus aside from the initial crypto map/isakmp parts I have:

vpdn-group 1
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 10
 no l2tp tunnel authentication
.
.
interface Virtual-Template10
 description basic VPN tunnel interface
 ip unnumbered FastEthernet0
 no ip route-cache cef
 no ip route-cache
 peer default ip address pool IPPOOL
 ppp authentication ms-chap-v2

In the virtual template I then have the option of defining DHCP proxy or DHCP server rather than the local pool. The problem we have right now is that the clients don't register themselves in DNS once they're connected. We wanted them to do this, but there aren't options to pass the clients through a 'local pool', thus why we were looking into DHCP...

Hi

As we don't attach the DHCP scope with any specific interface, I believe both will get IP address from the DHCP.

If you know the clients who come through the VPN, what you can try is to use Client-Identifier:

ip dhcp pool MLGW
 host 192.168.5.10 255.255.255.0
 client-identifier 0100.04f3.0158.b3

https://mrncciew.com/2013/06/10/ios-dhcp-add-reservation/
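
As an added example (not part of the thread or of Cisco's documentation), this Python sketch derives the `client-identifier` value used in the reply above from a client's MAC address and renders one manual-binding pool per known VPN client. It assumes an Ethernet client, where the identifier is the hardware type `01` followed by the MAC; the second inventory row and the name `VPN-LAPTOP2` are constructed for illustration.

```python
import ipaddress
import re


def ios_client_identifier(mac):
    """01 (Ethernet hardware type) + MAC, dotted in groups of four hex digits."""
    digits = re.sub(r"[.:-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    ident = "01" + digits
    return ".".join(ident[i:i + 4] for i in range(0, len(ident), 4))


def host_pool(name, ip, mask, mac):
    """Render one manual-binding pool in the layout used in the reply above."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")  # rejects a bad address or mask
    return "\n".join([
        f"ip dhcp pool {name}",
        f" host {iface.ip} {iface.netmask}",
        f" client-identifier {ios_client_identifier(mac)}",
    ])


def render_reservations(clients):
    """Render pools for (name, ip, mask, mac) rows, refusing duplicate IPs or MACs."""
    seen_ip, seen_id, stanzas = set(), set(), []
    for name, ip, mask, mac in clients:
        ident = ios_client_identifier(mac)
        if ip in seen_ip or ident in seen_id:
            raise ValueError(f"duplicate reservation for {name}: {ip} / {mac}")
        seen_ip.add(ip)
        seen_id.add(ident)
        stanzas.append(host_pool(name, ip, mask, mac))
    return "\n!\n".join(stanzas)


# Constructed inventory: the first row reproduces the reply's values,
# the second row is made up for this example.
CLIENTS = [
    ("MLGW", "192.168.5.10", "255.255.255.0", "00:04:F3:01:58:B3"),
    ("VPN-LAPTOP2", "192.168.5.11", "255.255.255.0", "0004.f301.58b4"),
]

if __name__ == "__main__":
    print(render_reservations(CLIENTS))
```

Running the duplicate check before pasting the output catches two reservations that would claim the same address or the same client.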

 
