Hi Kings, The scope on the ASA should actually be a /32 and that /32 also needs to be a non connected interface. So I think R1 should respond to 10.20.30.x
JT On Wed, Sep 21, 2011 at 1:37 AM, Kingsley Charles <[email protected]> wrote: > Hi all > > R1 is the dhcp server which and has been configured for the dhcp pool > 10.20.30.0/24. The ASA sends DHCP DISCOVER when the VPN client is trying to > connect and from the dhcp debug messages on R1, I see that the IOS is > leasing an IP address from 10.20.30.0/24. But R1 is sending the DHCP OFFER > replies to "10.20.30.0". Thus the ASA nevers gets an IP address for the > client. > > Now is this correct? > > The DHCP server R1 should send replies to 20.10.30.2 not to the relay IP > address, isn't it? > > > 20.10.30.1 20.10.30.2 > R1 (dhcp server) ------------------------ ASA (EzVPN server) --------------- > VPN Client > > > hostname(config)# vpn-addr-assign dhcp > > hostname(config)# tunnel-group firstgroup type ipsec-ra > > hostname(config)# tunnel-group firstgroup general-attributes > > hostname(config-general)# dhcp-server 20.10.30.40 > > hostname(config-general)# exit > > hostname(config)# group-policy remotegroup internal > > hostname(config)# group-policy remotegroup attributes > > hostname(config-group-policy)# dhcp-network-scope 10.20.30.0 > > > > With regards > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
