Jim Yes, the dhcp-network-scope address should a 32 bit address else it won't work. But look at the below snippet, you can see a subnet specified.
And the IP address should be address of the interface that is connected to the client and that address should routable i.e., DHCP server should be able to reach it. Snippet from http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpnadd.html hostname(config)#* vpn-addr-assign dhcp* hostname(config)# *tunnel-group firstgroup type ipsec-ra* hostname(config)# *tunnel-group firstgroup general-attributes* hostname(config-general)# *dhcp-server 172.33.44.19* hostname(config-general)# *exit* hostname(config)# *group-policy remotegroup internal* hostname(config)# *group-policy remotegroup attributes* hostname(config-group-policy)# *dhcp-network-scope 192.86.0.0* With regards Kings On Wed, Sep 21, 2011 at 5:52 PM, Jim Terry <[email protected]> wrote: > Hi Kings, > > The scope on the ASA should actually be a /32 and that /32 also needs > to be a non connected interface. So I think R1 should respond to > 10.20.30.x > > JT > > > > On Wed, Sep 21, 2011 at 1:37 AM, Kingsley Charles > <[email protected]> wrote: > > Hi all > > > > R1 is the dhcp server which and has been configured for the dhcp pool > > 10.20.30.0/24. The ASA sends DHCP DISCOVER when the VPN client is > trying to > > connect and from the dhcp debug messages on R1, I see that the IOS is > > leasing an IP address from 10.20.30.0/24. But R1 is sending the DHCP > OFFER > > replies to "10.20.30.0". Thus the ASA nevers gets an IP address for the > > client. > > > > Now is this correct? > > > > The DHCP server R1 should send replies to 20.10.30.2 not to the relay IP > > address, isn't it? > > > > > > 20.10.30.1 20.10.30.2 > > R1 (dhcp server) ------------------------ ASA (EzVPN server) > --------------- > > VPN Client > > > > > > hostname(config)# vpn-addr-assign dhcp > > > > hostname(config)# tunnel-group firstgroup type ipsec-ra > > > > hostname(config)# tunnel-group firstgroup general-attributes > > > > hostname(config-general)# dhcp-server 20.10.30.40 > > > > hostname(config-general)# exit > > > > hostname(config)# group-policy remotegroup internal > > > > hostname(config)# group-policy remotegroup attributes > > > > hostname(config-group-policy)# dhcp-network-scope 10.20.30.0 > > > > > > > > With regards > > Kings > > > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > visit www.ipexpert.com > > > > Are you a CCNP or CCIE and looking for a job? Check out > > www.PlatinumPlacement.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
