
VPN Client IP netmask wrong with DHCP

Yuliang Liang
Level 1

Hi, 

I want the VPN client to get its IP via a DHCP server (Windows 2012), and I have finished the settings on the DHCP server.

The IP pool range is 10.23.1.1 - 10.21.1.127 with netmask 255.255.255.0, but the client gets an IP of 10.21.1.x with netmask 255.0.0.0.

Is there anything I set wrong on the ASA?

Here is the main configuration:

group-policy ExUsers internal
group-policy ExUsers attributes
 dhcp-network-scope 10.23.1.0
 vpn-tunnel-protocol ikev1 l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNCLIENT_SPLIT

tunnel-group Ext-VPN type remote-access
tunnel-group Ext-VPN general-attributes
 authentication-server-group LDAP-IDC
 default-group-policy ExUsers
 dhcp-server 10.23.88.200
tunnel-group Ext-VPN ipsec-attributes
 ikev1 pre-shared-key *****

1 Reply

Rahul Govindan
VIP Alumni

The ASA config looks correct. Is the 10.21.1.x a pool on the DHCP server or is it locally defined on the ASA?

Also, does your server support RFC 3011? You can enable the command "dhcp-server subnet-selection (server ip)" under the tunnel-group to see if this helps choose the right subnet. More on this option here:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118084-configure-anyconnect-00.html
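
One way to see which side picks the wrong subnet is to decode the DHCP options from a packet capture taken between the ASA and the server. The following is an added example, not part of the original thread or of Cisco's documentation: a small Python parser that extracts option 118 (the RFC 3011 subnet selection option) from the request and option 1 (subnet mask) from the reply, then checks whether the leased address falls inside the requested scope. It assumes the request carries option 118; the sample bytes are constructed, and the function names are hypothetical.

```python
import ipaddress

PAD, END = 0, 255
SUBNET_MASK, SUBNET_SELECTION = 1, 118  # option 118 is defined by RFC 3011

def parse_options(data: bytes) -> dict:
    """Decode a DHCP options field (the bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts

def ipv4_option(opts: dict, code: int):
    """Return a 4-byte option as an IPv4Address, or None if the option is absent."""
    raw = opts.get(code)
    if raw is None:
        return None
    if len(raw) != 4:
        raise ValueError(f"option {code} must be 4 bytes")
    return ipaddress.IPv4Address(raw)

def check_lease(request_opts: bytes, reply_opts: bytes, yiaddr: str) -> dict:
    """Compare the subnet the relay asked for with the address and mask the server leased."""
    scope = ipv4_option(parse_options(request_opts), SUBNET_SELECTION)
    mask = ipv4_option(parse_options(reply_opts), SUBNET_MASK)
    result = {"requested_scope": scope, "offered_mask": mask, "in_scope": None}
    if scope is not None and mask is not None:
        net = ipaddress.IPv4Network(f"{scope}/{mask}", strict=False)
        result["in_scope"] = ipaddress.IPv4Address(yiaddr) in net
    return result

# Constructed sample: DISCOVER with option 118 = 10.23.1.0, OFFER with mask 255.255.255.0.
DISCOVER_OPTS = bytes([53, 1, 1, 118, 4, 10, 23, 1, 0, 255])
OFFER_OPTS = bytes([53, 1, 2, 1, 4, 255, 255, 255, 0, 255])
print(check_lease(DISCOVER_OPTS, OFFER_OPTS, "10.21.1.5"))
```

If `offered_mask` in the capture is already 255.255.255.0, the server is sending the right mask and the 255.0.0.0 value is being introduced after the lease is handed out; if `in_scope` is false, the server is leasing from a different scope than the one requested.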