Buy or Renew
Buy or Renew
Cisco Community present at Cisco Live EMEA 2023. See you in Amsterdam! Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
417
Views
0
Helpful
5
Replies

Connecting to local LAN with internal DHCP server (ASA 5505, anyconnect)

kevinhuntly
Beginner
Beginner

‎04-04-2021 01:40 PM

Hi Everyone,

 

I recently configured my ASA to use my internal DHCP server to hand out addresses instead of the local DHCP pool that I had originally created. The issue is that when I'm using the DHCP server to hand out the address I can't access any internal resources. If I use the pre-configured VPN DHCP pool on the ASA, everything works fine. Note that the same NAT rules apply (I'm using the same address space)

Labels:
0 Helpful
5 Replies 5

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

‎04-04-2021 04:33 PM

Please post the configuration before and after the change( Local DHCP config and remote DHCP Server configs)

 

here is the configuration example with highlighted information :

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/109493-asa-vpn-dhcp-asdm-config.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend
In response to kevinhuntly

‎04-05-2021 01:30 AM

Thank you for the information, did the VPN users get IP addresses from the DHCP pool? after changing?

 

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118084-configure-anyconnect-00.html

 

 

how come this configuration changed from Trunk to only vlan 1  ? is this intent of your case ?

 

interface Ethernet0/1
switchport access vlan 1

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Sheraz.Salim
VIP Advisor VIP Advisor
VIP Advisor

‎04-05-2021 01:01 AM

I noted you trying to do a DHCP proxy  RFC 3011 and RFC 3527. please have sure your ASA can reach the DHCP server. also i belive you have define your DHCP external server ip address in your tunnel group policy. cisco already release a document with this problem.

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118084-configure-anyconnect-00.html

 

 

please do not forget to rate.
0 Helpful

kevinhuntly
Beginner
Beginner
In response to Sheraz.Salim

‎04-05-2021 05:07 AM

Users are able to get addresses from the internal DHCP server, they just can't access any LAN resources. Internet access is fine.

The DHCP scope the users are in is part of VLAN40 on the router/switch, not sure if that makes a difference.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents