Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4914
Views
200
Helpful
31
Replies

Cisco FTD Anyconnect DHCP

Irakli Gvishiani
Level 1
Level 1

‎02-02-2022 10:37 PM

Hello,

 

I would like to configure for Cisco Anyconnect DHCP Address Assignment from Windows DHCP Server. I Use this Manuals (https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215854-configure-anyconnect-vpn-client-on-ftd.pdf), but nothing works. 

 

Are there any additional steps? 

31 Replies 31

Irakli Gvishiani
Level 1
Level 1
In response to Rob Ingram

‎02-04-2022 03:27 AM

Version is 6.6.4

 

Do I need to disable this diagnostic feature after use (As it done on routers undebug all)?

Irakli Gvishiani
Level 1
Level 1
In response to Rob Ingram

‎02-04-2022 03:39 AM

Nothing matches

 

dhcp-7.PNG

Rob Ingram
VIP
VIP
In response to Irakli Gvishiani

‎02-04-2022 04:37 AM

@Irakli Gvishiani perhaps this is not a DHCP issue, does the VPN actually connect if you used an IP pool? Check that first to confirm the user can connect, then go back to using DHCP.

Irakli Gvishiani
Level 1
Level 1
In response to Rob Ingram

‎02-04-2022 04:44 AM

I Use 2 VPN Profile, first profile is configured with IP Pool and works fine. Second Profile is configured with DHCP, but ... 

Rob Ingram
VIP
VIP
In response to Irakli Gvishiani

‎02-04-2022 05:04 AM

@Irakli Gvishiani ok but that doesnt prove there isn't another issue with that second profile, can you test just to confirm it does work with an IP pool.

 

From the CLI of the FTD, can you also provide the output of "show tunnel-group <NAME" and "show group-policy <NAME>"

Irakli Gvishiani
Level 1
Level 1
In response to Rob Ingram

‎02-04-2022 05:26 AM

Yes, I confirm that with IP Pool Second Profile also works fine. 

dhcp-8.PNG

Show commands output:

dhcp-9.PNG

dhcp-10.PNG

Rob Ingram
VIP
VIP
In response to Irakli Gvishiani

‎02-04-2022 05:35 AM

@Irakli Gvishiani what is the configuration of your split tunnel ACL? I assume the DHCP server is being tunneled?

Irakli Gvishiani
Level 1
Level 1
In response to Rob Ingram

‎02-04-2022 06:27 AM

Yes, of course 

Rob Ingram
VIP
VIP
In response to Irakli Gvishiani

‎02-04-2022 07:27 AM

@Irakli Gvishiani I haven't been able replicate your issue, it just works.

If you run "debug webvpn 255" under "system support diagnostic-cli", this may provide a clue.

 

The apparent only difference is I am running version 7, I also do not have the helper-address configured on my VLAN connecting the core to the FTD. Perhaps raise a TAC call?

 

 

sadist001
Level 1
Level 1
In response to Rob Ingram

‎02-04-2022 07:37 AM

Yes, I think it's time for TAC.

Thanks for your time! 

MHM Cisco World
VIP
VIP

‎02-03-2022 04:14 PM

Friend last point, 

check by Wireshark the DHCP request "if it send as unicast" use IP source as Inside ip or management ip address.

Irakli Gvishiani
Level 1
Level 1
In response to MHM Cisco World

‎02-03-2022 10:48 PM

DHCP Server don't receive any DHCP-Packets from FTD

MHM Cisco World
VIP
VIP

‎02-23-2022 05:23 PM

Hi Friend, sorry for late reply,
do you solve this issue?

0 Helpful

Irakli Gvishiani
Level 1
Level 1
In response to MHM Cisco World

‎02-23-2022 10:23 PM

Hello,

 

Not yet 

0 Helpful
Customers Also Viewed These Support Documents