03-24-2010 09:20 AM
I have ASA 5520 as vpn termination point. In front of asa there is firewall that translates the public ip to private and pass the SSL traffic to ASA. I configured DHCP relay to get IP for home users from Windows DHCP server:
dhcprelay server 10.100.2.101 inside
dhcprelay enable vpn
dhcprelay setroute vpn
and it does not work. with local pool it works fine. Shall I do something else? When I switch on debug there is no any activity.
Solved! Go to Solution.
03-24-2010 03:34 PM
Are you trying to assign IP to SSL vpn client by using DHCP server?
If yes, you don't need those commands which are listed in your post.
Basically, you need define dhcp server in tunnel-group and dhcp-network-scope in group-policy.
Here is an example for Ipsec client. The setup should be similar.
03-24-2010 03:34 PM
Are you trying to assign IP to SSL vpn client by using DHCP server?
If yes, you don't need those commands which are listed in your post.
Basically, you need define dhcp server in tunnel-group and dhcp-network-scope in group-policy.
Here is an example for Ipsec client. The setup should be similar.
03-25-2010 12:37 AM
Thank you for advice.
Actually I had these commands in my configuration, but together with global dhcp relay it did not work. After I removed DHCP relay from interface, I could get ip address assignment from DHCP server for SSL VPN clients.
Now I have another problem: I could get only ip address, but not any other options: dns, default gateway, proxy settings etc. The client pc shows that dhcp not enebled on the client. Can I change this settings in the ASA configuration?
03-25-2010 10:55 AM
I don't think the vpn client will get default gw, dns from dhcp server.
After tunnel is up, you can use "route print" on client to check the routing. Some necessary routing for VPN traffic should be automatically added already.
You can add dns info in related group policy by "dns-server" command.
I am not sure about proxy.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide