
VPN and DHCP

We have two Cisco 5508X firewalls (one is for failover).  For VPN, we use the old Cisco VPN Client (5.7) and IPSEC.  In the configuration of the firewall, clients authenticate against the domain controller’s address.  The domain controller’s OS is MS Server 2016 Datacenter.

We have noticed in DNS (Microsoft) that some of the VPN clients have the same IP addresses.  There is not a DHCP scope (Microsoft) set up for the VPN network.  To ensure that each VPN client has a separate IP address, can I simply create the scope in DHCP (Microsoft), or is there more to it?



balaji.bandi
Hall of Fame

Trying to understand: you have duplicate addresses for VPN users. What is the lease expiry or DNS flush for the disconnected clients set to?

Or are you looking to create a new scope in DHCP, so you get a dedicated IP address range for VPN? In this case, yes, you can create your own IP range in DHCP and take it to the VPN profile.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

So, VPN users seem to get the same IP address.  I do not know if I would call them a lease because there is no DHCP scope, but they do have a timestamp. 

What does “… and take to the VPN profile” mean?

If you have VPN profiles created for users to connect remotely, you need to add a DHCP range for them to get separated from the addresses you are not looking to get.

Here is the document below for reference (hope this is what you are looking for; if not, explain more):

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/109493-asa-vpn-dhcp-asdm-config.html

BB


Thanks!  That article looks like it will do the trick.  I'll let you know.

A Cisco tech confirmed what Don and John said. He showed me in the ASDM where each client has its own IP. The DNS entries were historical.
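
One way to check the conclusion above from the DNS side, as an added example that is not part of the thread: group A records by address and mark every record except the most recently registered one as likely historical. The sample host names, addresses and timestamps are constructed, and `New-SampleRecord` and `Find-DuplicateARecord` are hypothetical helper names; on the DNS server the same function accepts the output of `Get-DnsServerResourceRecord -ZoneName <zone> -RRType A`.

```powershell
# Added example. Builds constructed records shaped like the objects returned by
# Get-DnsServerResourceRecord (HostName, Timestamp, RecordData.IPv4Address).
function New-SampleRecord([string]$Name, [string]$Ip, $Stamp) {
    [pscustomobject]@{
        HostName   = $Name
        Timestamp  = if ($Stamp) { [datetime]$Stamp } else { $null }
        RecordData = [pscustomobject]@{ IPv4Address = [ipaddress]$Ip }
    }
}

# Reports every A record whose IP address is shared with another record.
function Find-DuplicateARecord {
    param([Parameter(Mandatory)] [object[]] $Record)

    $Record |
        Group-Object -Property { $_.RecordData.IPv4Address.ToString() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $ip = $_.Name
            # Newest dynamic registration first; static records (no Timestamp) sort last.
            $sorted = @($_.Group | Sort-Object -Property Timestamp -Descending)
            for ($i = 0; $i -lt $sorted.Count; $i++) {
                $r = $sorted[$i]
                if (-not $r.Timestamp) { $status = 'static record' }
                elseif ($i -eq 0)      { $status = 'newest registration' }
                else                   { $status = 'likely historical' }
                [pscustomobject]@{
                    IPAddress = $ip
                    HostName  = $r.HostName
                    Timestamp = $r.Timestamp
                    Status    = $status
                }
            }
        }
}

# Constructed sample: two clients registered 10.10.50.11 at different times.
$sample = @(
    New-SampleRecord 'vpn-laptop-01' '10.10.50.11' '2024-03-04 09:00'
    New-SampleRecord 'vpn-laptop-07' '10.10.50.11' '2024-02-11 14:00'
    New-SampleRecord 'vpn-laptop-03' '10.10.50.12' '2024-03-04 10:00'
    New-SampleRecord 'printer-01'    '10.10.50.20' $null
)

Find-DuplicateARecord -Record $sample | Format-Table -AutoSize
```

The newest DNS timestamp only shows which client registered the address last; the firewall's own session list, as shown in ASDM in the reply above, remains the authority on which client currently holds it.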