Hi Kings, So is the question that the Config Guide gives bad advice in an example?
I think that happens alot! JT On Wed, Sep 21, 2011 at 6:36 AM, Kingsley Charles <[email protected]> wrote: > Jim > > Yes, the dhcp-network-scope address should a 32 bit address else it won't > work. But look at the below snippet, you can see a subnet specified. > > And the IP address should be address of the interface that is connected to > the client and that address should routable i.e., DHCP server should be able > to reach it. > > Snippet from > http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpnadd.html > > hostname(config)# vpn-addr-assign dhcp > > hostname(config)# tunnel-group firstgroup type ipsec-ra > > hostname(config)# tunnel-group firstgroup general-attributes > > hostname(config-general)# dhcp-server 172.33.44.19 > > hostname(config-general)# exit > > hostname(config)# group-policy remotegroup internal > > hostname(config)# group-policy remotegroup attributes > > hostname(config-group-policy)# dhcp-network-scope 192.86.0.0 > > > With regards > Kings > > On Wed, Sep 21, 2011 at 5:52 PM, Jim Terry <[email protected]> wrote: >> >> Hi Kings, >> >> The scope on the ASA should actually be a /32 and that /32 also needs >> to be a non connected interface. So I think R1 should respond to >> 10.20.30.x >> >> JT >> >> >> >> On Wed, Sep 21, 2011 at 1:37 AM, Kingsley Charles >> <[email protected]> wrote: >> > Hi all >> > >> > R1 is the dhcp server which and has been configured for the dhcp pool >> > 10.20.30.0/24. The ASA sends DHCP DISCOVER when the VPN client is >> > trying to >> > connect and from the dhcp debug messages on R1, I see that the IOS is >> > leasing an IP address from 10.20.30.0/24. But R1 is sending the DHCP >> > OFFER >> > replies to "10.20.30.0". Thus the ASA nevers gets an IP address for the >> > client. >> > >> > Now is this correct? >> > >> > The DHCP server R1 should send replies to 20.10.30.2 not to the relay IP >> > address, isn't it? >> > >> > >> > 20.10.30.1 20.10.30.2 >> > R1 (dhcp server) ------------------------ ASA (EzVPN server) >> > --------------- >> > VPN Client >> > >> > >> > hostname(config)# vpn-addr-assign dhcp >> > >> > hostname(config)# tunnel-group firstgroup type ipsec-ra >> > >> > hostname(config)# tunnel-group firstgroup general-attributes >> > >> > hostname(config-general)# dhcp-server 20.10.30.40 >> > >> > hostname(config-general)# exit >> > >> > hostname(config)# group-policy remotegroup internal >> > >> > hostname(config)# group-policy remotegroup attributes >> > >> > hostname(config-group-policy)# dhcp-network-scope 10.20.30.0 >> > >> > >> > >> > With regards >> > Kings >> > >> > _______________________________________________ >> > For more information regarding industry leading CCIE Lab training, >> > please >> > visit www.ipexpert.com >> > >> > Are you a CCNP or CCIE and looking for a job? Check out >> > www.PlatinumPlacement.com >> > > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
