
DHCP Server for anyconnect client won't work on same interface as DHCP relay

Austin Clark
Level 1

I have a conundrum.

I have a 5512x with 3 interfaces/VLANs. VLAN 29 is where my DC/DHCP server resides. VLAN 19 and 69 are my wired and wireless user networks, which use DHCP relay to forward DHCP requests to VLAN 29. That's all dandy.

When I try to configure my AnyConnect to stop using a local address pool and point to a DHCP server (Windows 2008R2) on VLAN 29, it will not. Cisco Tech confirmed that it will not point to a DHCP server on the same interface as DHCP relay is configured for.

My end goal is to resolve IPs by DNS entry (for the VPN clients) in order to run updates / vulnerability scans. It instead just resolves to the last address the user had on the wired or wireless LAN.


Can anyone offer suggestions?  

3 Replies

Rahul Govindan
VIP Alumni

DHCP relay should only be on vlan 19 and 69, so you should still be able to use the DHCP server assignment as the DHCP server is on a vlan 69 (no relay).

Do you get an error when you put the command in? Can you paste relevant parts of your config?

If you want to resolve your VPN clients' names, then DHCP-based assignment is the only way that I can think of.

DHCP relay agent is only configured on 19 and 69. Under Global DHCP Relay Server, I have the IP and interface of my Windows 2008 server on VLAN 29.

If that global DHCP relay server is taken out, then the VPN DHCP settings that point at that same server work fine.

I don't get an error when I enter DHCP server in the VPN profile. I do however get an error when I delete the Global DHCP relay server and enter it back in with DHCP server on vpn profile.

Yup, I recall now that the DHCP Proxy (address assignment for VPN) is not dependent on the interface on which DHCP relay is enabled, just the fact that this is enabled. There was a bug raised for this earlier, but I don't think this will change in the near future:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsd22469
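
An added example, not part of the thread and not Cisco tooling: a small Python audit that scans an ASA running-config for the combination discussed above, where DHCP relay is configured anywhere on the box while a tunnel-group assigns VPN addresses through `dhcp-server`. The sample config, interface names, tunnel-group names and addresses are constructed placeholders; the conflict rule follows what the replies above describe.

```python
import re

# Constructed ASA running-config excerpt; names and addresses are placeholders.
SAMPLE_CONFIG = """\
dhcprelay server 192.0.2.10 servers
dhcprelay enable wired
dhcprelay enable wireless
tunnel-group AnyConnect-Users general-attributes
 dhcp-server 192.0.2.10
 default-group-policy GP-AnyConnect
tunnel-group Contractors general-attributes
 address-pool VPN-POOL
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def audit_dhcp_conflict(config):
    """Report tunnel-groups using a DHCP server while DHCP relay is configured."""
    relay_servers, relay_interfaces, vpn_dhcp = [], [], {}
    group = None  # tunnel-group whose general-attributes block we are inside
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():  # a top-level command ends any sub-mode
            group = None
            if words[:2] == ["dhcprelay", "server"] and len(words) >= 4:
                relay_servers.append((words[2], words[3]))
            elif words[:2] == ["dhcprelay", "enable"] and len(words) >= 3:
                relay_interfaces.append(words[2])
            elif words[0] == "tunnel-group" and words[-1] == "general-attributes":
                group = words[1]
        elif group and words[0] == "dhcp-server":
            # Skip option keywords; keep only the server addresses.
            ips = [w for w in words[1:] if IPV4.match(w)]
            vpn_dhcp.setdefault(group, []).extend(ips)
    # Per the thread, relay being configured at all is what matters, not the interface.
    relay_active = bool(relay_servers or relay_interfaces)
    return {
        "relay_servers": relay_servers,
        "relay_interfaces": relay_interfaces,
        "vpn_dhcp_groups": vpn_dhcp,
        "conflicts": sorted(vpn_dhcp) if relay_active else [],
    }


if __name__ == "__main__":
    print(audit_dhcp_conflict(SAMPLE_CONFIG))
```

Tunnel-groups that still use a local `address-pool` are not flagged, since they do not depend on the DHCP proxy.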