Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
5
Replies

Connecting to local LAN with internal DHCP server (ASA 5505, anyconnect)

kevinhuntly
Level 1
Level 1

‎04-04-2021 01:40 PM

Hi Everyone,

 

I recently configured my ASA to use my internal DHCP server to hand out addresses instead of the local DHCP pool that I had originally created. The issue is that when I'm using the DHCP server to hand out the address I can't access any internal resources. If I use the pre-configured VPN DHCP pool on the ASA, everything works fine. Note that the same NAT rules apply (I'm using the same address space)

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎04-04-2021 04:33 PM

Please post the configuration before and after the change( Local DHCP config and remote DHCP Server configs)

 

here is the configuration example with highlighted information :

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/109493-asa-vpn-dhcp-asdm-config.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to kevinhuntly

‎04-05-2021 01:30 AM

Thank you for the information, did the VPN users get IP addresses from the DHCP pool? after changing?

 

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118084-configure-anyconnect-00.html

 

 

how come this configuration changed from Trunk to only vlan 1  ? is this intent of your case ?

 

interface Ethernet0/1
switchport access vlan 1

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Sheraz.Salim
VIP
VIP

‎04-05-2021 01:01 AM

I noted you trying to do a DHCP proxy  RFC 3011 and RFC 3527. please have sure your ASA can reach the DHCP server. also i belive you have define your DHCP external server ip address in your tunnel group policy. cisco already release a document with this problem.

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118084-configure-anyconnect-00.html

 

 

please do not forget to rate.
0 Helpful

kevinhuntly
Level 1
Level 1
In response to Sheraz.Salim

‎04-05-2021 05:07 AM

Users are able to get addresses from the internal DHCP server, they just can't access any LAN resources. Internet access is fine.

The DHCP scope the users are in is part of VLAN40 on the router/switch, not sure if that makes a difference.

0 Helpful
Customers Also Viewed These Support Documents