06-11-2013 03:55 AM
Hi All
We assign in our IPSec VPN the tunnel-address from our centralized dhcp server pools.
In the profile we have two server IPs configured.
In a test (Wireshark) we noticed that the discover always goes to the first configured IP.
I do not understand and could not find hints on how the function works.
- backup server with a timeout when no answer comes from primary ?
- should ASA do simultaneous discover to all configured IPs ?
=>Problem is that, although the first server did not answer in a timely manner, we noticed no discover to the second.
Here the partial CLI - Config:
++
tunnel-group AZInt07 type remote-access
tunnel-group AZInt07 general-attributes
 authentication-server-group ActivPack
 default-group-policy AZInt
 dhcp-server 10.x.x.y
 dhcp-server 10.x.y.y
tunnel-group AZInt07 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group AZWlan07 type remote-access
tunnel-group AZWlan07 general-attributes
 authentication-server-group ActivPack
<--- More --->
++
Thank You, Regards
Martin
06-11-2013 04:03 AM
Hi,
I think you might actually need to use the command in a different way.
Actually listing the servers under the same "dhcp-server" command.
Here is a link to the command in the Command Reference:
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/d2.html#wp1943327
It has an option to enter multiple IP addresses under the same command.
Not sure if this changes your situation. I have not configured more than one server personally.
Hope this helps
- Jouni
06-11-2013 04:09 AM
Hi Jouni
We do this configuration in the ASDM. There it is only possible in the same line.
The result in the CLI is as posted.
Martin
06-11-2013 04:35 AM
Hi,
Tested on my home ASA and it does seem that it enters it the same way into the configuration no matter if you insert multiple servers at a time or one by one.
No document so far has explained how it uses those multiple DHCP servers.
- Jouni