In our IPSec VPN we assign the tunnel address from our centralized DHCP server pools.
In the profile we have two server IPs configured.
In testing (Wireshark) we noticed that the discover always goes to the first configured IP.
I do not understand, and could not find any hints on, how the function works.
- Backup server with a timeout when no answer comes from the primary?
- Should the ASA do simultaneous discovers to all configured IPs?
=> The problem is that, although the first server did not answer in a timely manner, we noticed no discover to the second.
Here is the partial CLI config:
tunnel-group AZInt07 type remote-access
tunnel-group AZInt07 general-attributes
tunnel-group AZInt07 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group AZWlan07 type remote-access
tunnel-group AZWlan07 general-attributes
<--- More --->
Thank You, Regards
I think you might actually need to use the command in a different way.
Actually listing the servers under the same "dhcp-server" command.
Here is a link to the command in the Command Reference.
It has an option to enter multiple IP addresses under the same command.
Not sure if this changes your situation. I have not configured more than one server personally.
Hope this helps
We configure this in the ASDM. There it is only possible on the same line.
The resulting CLI is as posted.
Tested on my home ASA and it does seem that it enters it the same way into the configuration no matter if you insert multiple servers at a time or one by one.
No document so far has explained how it uses those multiple DHCP servers.