Solved: VPNClient. How can I get options from DHCP(ISA) by ASA?

Tomasz Tuzimek · ‎12-01-2010

PC connects to ASA by VPNclient. Remote PC has got firewall client(Microsoft). DHCP for VPN clients is running on the ISA (inside ASA). ASA is a VPN concentrator. I get only IP address from DHCP but Option 252(Automatic Discovery for Firewall and Web Proxy Clients) doesn't pass to client(PC). How can I inject DHCP options to Cisco VPN Client.

group-policy vpnX attributes
dns-server value 10.122.104.137 (ISA)

vpn-tunnel-protocol IPSec
password-storage enable
pfs enable
split-tunnel-policy tunnelall
split-dns none
dhcp-network-scope 10.122.10.0

tunnel-group X type remote-access
tunnel-group X general-attributes
authentication-server-group IAS_X

default-group-policy vpnX
password-management

dhcp-server 10.122.104.137 (ISA)
tunnel-group X ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 60 retry 10

Marcin Latosiewicz · ‎12-01-2010

Tomasz,

Client doesn't talk DHCP to ASA. ASA talks to DHCP server in the background.

Whatever you would like client to know about you need to send inside mode config.

By the looks of it, it will be related to msie-proxy settings.

Long time ago following enahncement request was filed for this problem.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsr53828

Marcin

View solution in original post

Marcin Latosiewicz · ‎12-01-2010