06-23-2004 09:14 AM - edited 02-21-2020 01:12 PM
Hello,
I have a VPN connection established to my VPN concentrator 3060 (software version 4.1.4) with a client version 3.6.x. Everything works fine.
Now with the new client version 4.0.4(D) a host route to my DHCP server is created on my Windows XP client, so after the connection is established, all traffic to the DHCP server does not go through the VPN tunnel. The traffic to the DHCP server is blocked, because I need to use the option tunnel everything. The DHCP server must be reachable through the tunnel, because it is the DNS and proxy server for my VPN clients. How can I prevent the creation of the host route to my DHCP server on my VPN client? I use the DHCP server option on my concentrator and not the DHCP relay function. The DHCP server and private interface of the concentrator are not in the same subnet.
Thanks in advance.
09-02-2004 04:15 PM
Kuiper -
Funny you should post this...I'm running into the same issue this week. Did you ever figure out a workaround? The TAC answer was to create a split tunnel that traps for "everything except" the DHCP server. Not exactly the optimum answer.
I can almost understand this being useful for a local DHCP server (to allow lease renewals while connected, I guess). On further investigation though, it looks like this is specific to DHCP relay. For example if the router servicing the client VLAN uses a helper-address that's ultimately on the "secure" side of the tunnel (even though no other transit is allowed between them), you lose all connectivity to that server once the tunnel comes up. For some STRANGE reason the host route that gets added to the Windows "route print" table is that of the ACTUAL DHCP server, not the relay agent. Not good...and not really turn-offable that I can find anywhere.
I post mainly hoping that you might have found a "correct" answer or that the refreshed date might bump the question up where someone can see it.
Thanks...
Mike
09-02-2004 11:22 PM
Hello,
this is a Bug Fix for Bug-ID: CSCeb77199.
I think, this is a Bug, but not a Bug Fix.
You have to edit the vpnclient.ini file.
Inserting the following option under the [main] field will help you:
[main]
AddDhcpRoute=0
Thanks to Stephan Meier, Cisco Systems GmbH Hamburg, who gave me this answer.
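An added example, not part of the original posts: a Python check that a client profile carries `AddDhcpRoute=0` under `[main]`, and that a `route print` table shows no host route leaving outside the tunnel, which is the symptom described in this thread. The route table, all addresses and the function names are constructed for illustration; treating a missing key as "route still added" is an assumption based on the 4.0.4 behaviour reported above.

```python
import configparser
import ipaddress

# Constructed "route print" rows (not from the thread). 192.0.2.10 stands in for
# the DHCP server, 198.51.100.7 for the concentrator, 10.20.0.5 for the tunnel IP.
SAMPLE_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.20.0.5       10.20.0.5       1
       192.0.2.10  255.255.255.255      192.168.1.1    192.168.1.50       1
     198.51.100.7  255.255.255.255      192.168.1.1    192.168.1.50       1
      192.168.1.0    255.255.255.0     192.168.1.50    192.168.1.50      20
     192.168.1.50  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255     192.168.1.50    192.168.1.50      20
"""

HOST_MASK = ipaddress.IPv4Address("255.255.255.255")


def host_routes_outside_tunnel(route_text, tunnel_ip, allowed=()):
    """Return /32 destinations that are routed via a non-tunnel gateway."""
    tunnel = ipaddress.IPv4Address(tunnel_ip)
    leaks = []
    for line in route_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header or non-route line
        try:
            dest, mask, gw, iface = (ipaddress.IPv4Address(f) for f in fields[:4])
        except ValueError:
            continue
        if mask != HOST_MASK or iface == tunnel or iface.is_loopback:
            continue
        if gw == iface or str(dest) in allowed:
            continue  # on-link row (e.g. subnet broadcast) or expected bypass
        leaks.append(str(dest))
    return leaks


def dhcp_route_disabled(ini_text):
    """True only if [main] carries AddDhcpRoute=0 (key compared case-insensitively)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(ini_text)
    return cp.get("main", "adddhcproute", fallback="").strip() == "0"


if __name__ == "__main__":
    print(host_routes_outside_tunnel(SAMPLE_ROUTES, "10.20.0.5", allowed=("198.51.100.7",)))
    print(dhcp_route_disabled("[main]\nAddDhcpRoute=0\n"))
```

The `allowed` tuple holds destinations that are expected to bypass the tunnel, such as the concentrator's own public address.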
09-03-2004 04:04 AM
Excellent...works great! Thanks Stephan. I guess we'll have to pass it along to TAC too...