Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2067
Views
0
Helpful
4
Replies

DHCP request load Balancing between primary and secondary external dhcp servers on cisco asa remote access vpn

Go to solution
gibsonmoses45
Level 1
Level 1

‎10-01-2017 11:08 PM - edited ‎03-12-2019 04:35 AM

Good day all

I hope someone can point me in the right direction.

I have an ASA configured for remote access VPN using the AnyConnect Client , and the WebVPN.

 

I currently have two external dhcp servers. I initially configured the ASA to use both servers for failover but when the primary dhcp server went down clients could not get IP addresses from the secondary server.

My question is :

Does the ASA VPN support external DHCP failover in such a setup? If yes what would I need to configure on the ASA. My dhcp servers are configured for failover and on the DHCP pool wasn't working as expected.

Thank you for your assistance.

Gibson

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rich Uline
Level 1
Level 1

‎10-02-2017 07:49 AM

Gibson,

 

Configuring multiple DHCP servers is acceptable. See this support document, which also has some helpful troubleshooting instructions. It's important to understand how DHCP redundancy works, though. There isn't really a failover concept. Instead, the relay agent will simply send the same request to both servers and the client will accept the first offer it receives. Are you using split scopes or a shared database on the DHCP servers? If you are using split scopes, then ensure the scope ranges are the same. You should then exclude half of the addresses from each scope.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rich Uline
Level 1
Level 1

‎10-02-2017 07:49 AM

Gibson,

 

Configuring multiple DHCP servers is acceptable. See this support document, which also has some helpful troubleshooting instructions. It's important to understand how DHCP redundancy works, though. There isn't really a failover concept. Instead, the relay agent will simply send the same request to both servers and the client will accept the first offer it receives. Are you using split scopes or a shared database on the DHCP servers? If you are using split scopes, then ensure the scope ranges are the same. You should then exclude half of the addresses from each scope.

0 Helpful

Go to solution
gibsonmoses45
Level 1
Level 1
In response to Rich Uline

‎10-02-2017 10:37 PM

Hi Rich,

Thank you for the response. It really helped. I have set up the dhcprelay to go to both servers however the unicast message doesn't arrive simultaneously to both servers. Could that not be a problem in case one of the servers happens to go down for some reason?

 

Regards,

Gibson 

0 Helpful

Go to solution
gibsonmoses45
Level 1
Level 1
In response to Rich Uline

‎10-02-2017 10:39 PM

Just to add on , sometimes the request does reach the server and sometimes it would appear never to reach it. Could that not be a problem ?
0 Helpful

Go to solution
Rich Uline
Level 1
Level 1
In response to gibsonmoses45

‎10-03-2017 01:35 PM - edited ‎10-03-2017 01:36 PM

Gibson,

Let's be sure we are on the same page with nomenclature. The DHCP conversation goes: discovery, offer, request, and acknowledge. Multiple DHCP servers can receive the same discovery and send separate offers, but only one offer will be accepted. Because only one (the first) offer is accepted, only one request will be sent and there is no conflict when multiple DHCP servers are configured. If one server is offline, then the other server will be the only one available to respond.

 

With this information in mind, it is expected behavior that the request will only be received by one of the servers. However, if the discovery sometimes gets to the server and sometimes does not, then you have a problem.

 

 

0 Helpful
Customers Also Viewed These Support Documents