
PIX Remote Access VPN with external DHCP server

lee.reade
Level 4

Hi People,

I have a requirement for using an external win2k/win2k3 server with dhcp for address assignment to my remote access vpn clients, of which there are approx 170.

However, our setup requires that our internal DNS servers are up to date with all remote site IPs, therefore we upgraded from 6.3.4 to ver 7.0 so that we could use an external DHCP server to issue addresses and update DNS.

However, we are finding that the 'normal' DHCP rules are not applied, i.e., when clienta connects and gets address 1.1.1.1, and then clientb connects and gets 1.1.1.2, if clienta disconnects and clientc connects, he will then be issued 1.1.1.1. This obviously is not ideal.

We need each remote site to 'keep' its original dhcp assigned address for the dhcp duration, 8 days, even when disconnected. This allows DNS to be accurate at all times.

Anyone know how, or indeed if, this can be achieved?

NB. Just to add, we are finding that the DNS entries that are being created contain invalid entries filled with invalid characters.

Any ideas?

LR

2 Replies

owillins
Level 6

Enter the timeout in minutes for addresses that are obtained from a DHCP server. The minimum timeout is 5 minutes. The default is 120 minutes. The maximum is 500000 minutes. DHCP servers "lease" IP addresses for this period of time. Before the lease expires, the VPN Concentrator asks to renew it on behalf of the client. If for some reason the lease is not renewed, the connection terminates when the lease expires. The DHCP server's lease period takes precedence over this setting.

Hi,

Thanks for the reply, however I do not see where you would enter the timeouts, on the win2k dhcp server?

This setup is using a pix ver 7.0 and not vpn3000 concentrator for the vpn.

Do you think it is possible to have a VPN client be assigned the same specific IP address from the DHCP even when they have disconnected and reconnected?

Cheers

LR