09-21-2016 12:44 PM - edited 02-21-2020 08:59 PM
Hi,
Currently there is a requirement in our organisation to use a DHCP server to assign IP addresses to Remote VPN users. The DHCP service runs on a Windows server, and I have created a scope that needs to be assigned to the users. The DHCP server IP address is 10.61.100.120.
I have configured the commands below on the Cisco ASA. The DHCP server is not directly connected to the firewall but is reachable through the inside interface.
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.248
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 185.100.19.2 255.255.255.240
group-policy WIN-VPN internal
group-policy WIN-VPN attributes
 dhcp-network-scope 10.61.24.0
 vpn-idle-timeout 240
 vpn-tunnel-protocol ssl-client
 password-storage disable
 webvpn
  anyconnect profiles value win-vpn-profile type user
tunnel-group WIN-VPN type remote-access
tunnel-group WIN-VPN general-attributes
 authorization-server-group LDAP
 authorization-server-group (inside) LDAP
 default-group-policy WIN-VPN
 dhcp-server 10.61.100.120
 username-from-certificate CN
tunnel-group WIN-VPN webvpn-attributes
 group-alias WIN-VPN enable
 group-url https://vpn-test.xxx.com/WIN-VPN enable
After user authentication, I see that IP addresses are not getting assigned to the user and the connection fails. Also, on the DHCP server, I see traffic from the ASA inside interface sending a query, but I see no reply from the DHCP server.
Can someone help me if anything is missing in the above configuration? Or do I need to set up anything on the DHCP server for this configuration to work?
Also, I don't understand how this will work without enabling dhcp-reply on the Cisco ASA firewall?
Looking for an immediate reply.
09-21-2016 06:57 PM
The configuration looks pretty good. If you want to double-check it, this guide gives you the config steps and explains how DHCP works with Remote Access clients:
http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118084-configure-anyconnect-00.html
The server config is kind of out of my scope, but you can use this guide:
https://technet.microsoft.com/en-us/library/cc732584(v=ws.11).aspx
Hope this info helps!!
Rate if it helps you!!
-JP-