Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
927
Views
5
Helpful
4
Replies

External DHCP server and AnyConnect

Go to solution
AngryByte
Level 1
Level 1

‎04-14-2020 01:16 PM - edited ‎04-14-2020 01:17 PM

Good day. I am investigating the possibility of using a DHCP server to assign IP addresses and to manage lease and reservation assignments from a windows server.

edit: Specifically by means of an ASA 5500 series appliance.

How does AnyConnect (version 4.6 is a package I use in my lab) decide the physical address to use when negotiating a VPN session? Would this physical address be known to the ASA and thus to the DHCP server? 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎04-14-2020 01:57 PM

Hi,

You would define the dhcp server IP address under the tunnel-group with the command dhcp-server and then under the group-policy the command dhcp-network-scope defines from which DHCP scope to use.

 

tunnel-group TUNNEL-GROUP-NAME genral-attributes
 dhcp-server <DHCP-SERVER-IP>
group-policy GROUP-POLICY-NAME attributes 
 dhcp-network-scope <RAVPN-NETWORK-SCOPE>

More information here.

 

HTH

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎04-14-2020 01:57 PM

Hi,

You would define the dhcp server IP address under the tunnel-group with the command dhcp-server and then under the group-policy the command dhcp-network-scope defines from which DHCP scope to use.

 

tunnel-group TUNNEL-GROUP-NAME genral-attributes
 dhcp-server <DHCP-SERVER-IP>
group-policy GROUP-POLICY-NAME attributes 
 dhcp-network-scope <RAVPN-NETWORK-SCOPE>

More information here.

 

HTH

Go to solution
AngryByte
Level 1
Level 1
In response to Rob Ingram

‎04-15-2020 07:12 AM

Thank you for the reply. I appreciate the reading information, I will study this.

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎04-14-2020 02:17 PM

The local operating-system chooses the local IP, not AnyConnect. Basically it's a routing decision when you have multiple adapters in your system.

The DHC-server will not see the public IP of the client. But if you do radius authentication, the IP is sent to the radius-server.

0 Helpful

Go to solution
AngryByte
Level 1
Level 1
In response to Karsten Iwen

‎04-15-2020 07:06 AM

Thank you for your reply. However, I'm not quite sure the operating system makes the decision on what Physical Address to assign the virtual network adapter. The reason I say that is, I've gotten a physical address from a live Windows AnyConnect client and the OUI on the physical address refers back to Cisco's unique identifier. 

 

00:05:9A Cisco Systems, Inc
 
It interests me if this physical address stays the same session to session as I'm looking to reserve individual IP addresses to individual clients in the hopes of unifying the remote user IP addresses with the enterprise users addressing schema.
0 Helpful
Customers Also Viewed These Support Documents