
Anyconnect Client and Microsoft DNS server

jrichterkessing
Level 1

I have been banging my head on this problem for a couple of days now and coming up with nothing. I have followed a couple/few configuration examples (http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118084-configure-anyconnect-00.html) of how to get my AnyConnect VPN clients IP addresses from a DHCP server not running on the ASA, and I am still not getting anywhere. Any help would be appreciated!

I'm going to try to upload an image, but the basic layout is that my clients will hit a public address on my ASA 5520 over the internet. I want our Microsoft DHCP server to supply an IP address for the client VPN session. The DHCP server is not on the same subnet as the ASA.

Here are my tunnel-group and group-policy configs:

tunnel-group LimitedNetAdminAccess type remote-access
tunnel-group LimitedNetAdminAccess general-attributes
 authentication-server-group New-LDAP
 default-group-policy LimitedNetAdminAccess
 dhcp-server 10.1.100.6
 password-management password-expire-in-days 7

group-policy LimitedNetAdminAccess internal
group-policy LimitedNetAdminAccess attributes
 dns-server value 10.4.99.8 10.3.99.8
 dhcp-network-scope 10.1.64.0
 vpn-access-hours none
 vpn-simultaneous-logins 10
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter value NetAdminLimited
 vpn-tunnel-protocol ssl-client ssl-clientless
 group-lock value LimitedNetAdminAccess
 split-tunnel-network-list value NetAdminMinimal
 default-domain value xxxx.com
 split-dns value xxxx.com xxxxxxxxxxx.com xxxxxxxxxxxxxxx.com
 nac-settings none
 address-pools none

vpn-addr-assign dhcp

1 Reply

JP Miranda Z
Cisco Employee

Hi jrichterkessing,

The configuration on the ASA looks fine. Do you see the DHCP Discover packets getting to the DHCP server?

If you are trying to troubleshoot this on the ASA, I recommend taking captures from the inside interface of the ASA to the server and also from the server to the DHCP scope configured on the ASA:

Example:

capture test interface inside match ip host <ASAinsideip> host 10.1.100.6

capture test1 interface inside match ip host 10.1.100.6 host 10.1.64.0

sh cap test 

sh cap test1

You can also check the logs on the server.

Hope this info helps!!

Rate if helps you!! 

-JP-
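
An added example, not part of the original thread: one way to read the DHCP payloads from the two captures suggested above once they have been exported from the ASA. It assumes the UDP payloads have already been extracted from the capture file and that the ASA relays the Discover with giaddr set to the dhcp-network-scope value (10.1.64.0 in the posted group-policy); the function names and the sample messages are constructed for illustration.

```python
import socket
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
DISCOVER, OFFER = 1, 2

def parse_dhcp(payload):
    """Return xid, yiaddr, giaddr and message type (option 53) of a UDP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"xid": struct.unpack("!I", payload[4:8])[0],
           "yiaddr": socket.inet_ntoa(payload[16:20]),
           "giaddr": socket.inet_ntoa(payload[24:28]),
           "type": None}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        if payload[i] == 53 and payload[i + 1] == 1:
            msg["type"] = payload[i + 2]
        i += 2 + payload[i + 1]
    return msg

def diagnose(payloads, scope):
    """Classify one address request by what the captures contain."""
    msgs = [parse_dhcp(p) for p in payloads]
    discovers = [m for m in msgs if m["type"] == DISCOVER]
    if not discovers:
        return "no DISCOVER in capture"
    d = discovers[0]
    if d["giaddr"] != scope:
        return "DISCOVER giaddr %s does not match scope %s" % (d["giaddr"], scope)
    offers = [m for m in msgs if m["type"] == OFFER and m["xid"] == d["xid"]]
    if not offers:
        return "DISCOVER sent, no OFFER: check server scope and route back to giaddr"
    return "OFFER received for %s" % offers[0]["yiaddr"]

def build_sample(op, msg_type, giaddr, yiaddr="0.0.0.0"):
    """Constructed test message, not taken from a real capture."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 1, 0x1234ABCD, 0, 0)
    hdr += b"".join(socket.inet_aton(a) for a in ("0.0.0.0", yiaddr, "0.0.0.0", giaddr))
    return hdr + bytes(16 + 64 + 128) + DHCP_MAGIC + bytes([53, 1, msg_type, 255])

SCOPE = "10.1.64.0"  # dhcp-network-scope from the posted group-policy
```

A Discover with the right giaddr and no matching Offer points at the server side: no scope defined for that network, or no return path toward the giaddr address.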