:-)
With regards
Kings

On Wed, Sep 21, 2011 at 6:27 PM, Jim Terry <[email protected]> wrote:

> Hi Kings,
>
> So is the question that the Config Guide gives bad advice in an example?
>
> I think that happens a lot!
>
> JT
>
>
> On Wed, Sep 21, 2011 at 6:36 AM, Kingsley Charles
> <[email protected]> wrote:
> > Jim
> >
> > Yes, the dhcp-network-scope address should be a 32 bit address, else it
> > won't work. But look at the below snippet, you can see a subnet specified.
> >
> > And the IP address should be the address of the interface that is
> > connected to the client, and that address should be routable, i.e., the
> > DHCP server should be able to reach it.
> >
> > Snippet from
> > http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpnadd.html
> >
> > hostname(config)# vpn-addr-assign dhcp
> > hostname(config)# tunnel-group firstgroup type ipsec-ra
> > hostname(config)# tunnel-group firstgroup general-attributes
> > hostname(config-general)# dhcp-server 172.33.44.19
> > hostname(config-general)# exit
> > hostname(config)# group-policy remotegroup internal
> > hostname(config)# group-policy remotegroup attributes
> > hostname(config-group-policy)# dhcp-network-scope 192.86.0.0
> >
> >
> > With regards
> > Kings
> >
> > On Wed, Sep 21, 2011 at 5:52 PM, Jim Terry <[email protected]> wrote:
> >>
> >> Hi Kings,
> >>
> >> The scope on the ASA should actually be a /32 and that /32 also needs
> >> to be a non connected interface. So I think R1 should respond to
> >> 10.20.30.x
> >>
> >> JT
> >>
> >>
> >>
> >> On Wed, Sep 21, 2011 at 1:37 AM, Kingsley Charles
> >> <[email protected]> wrote:
> >> > Hi all
> >> >
> >> > R1 is the dhcp server and has been configured for the dhcp pool
> >> > 10.20.30.0/24. The ASA sends DHCP DISCOVER when the VPN client is
> >> > trying to connect and from the dhcp debug messages on R1, I see that
> >> > the IOS is leasing an IP address from 10.20.30.0/24. But R1 is sending
> >> > the DHCP OFFER replies to "10.20.30.0". Thus the ASA never gets an IP
> >> > address for the client.
> >> >
> >> > Now is this correct?
> >> >
> >> > The DHCP server R1 should send replies to 20.10.30.2 not to the relay
> >> > IP address, isn't it?
> >> >
> >> >
> >> >    20.10.30.1                20.10.30.2
> >> > R1 (dhcp server) ------------------------ ASA (EzVPN server) --------------- VPN Client
> >> >
> >> >
> >> > hostname(config)# vpn-addr-assign dhcp
> >> > hostname(config)# tunnel-group firstgroup type ipsec-ra
> >> > hostname(config)# tunnel-group firstgroup general-attributes
> >> > hostname(config-general)# dhcp-server 20.10.30.40
> >> > hostname(config-general)# exit
> >> > hostname(config)# group-policy remotegroup internal
> >> > hostname(config)# group-policy remotegroup attributes
> >> > hostname(config-group-policy)# dhcp-network-scope 10.20.30.0
> >> >
> >> >
> >> >
> >> > With regards
> >> > Kings
> >> >
> >> > _______________________________________________
> >> > For more information regarding industry leading CCIE Lab training,
> >> > please visit www.ipexpert.com
> >> >
> >> > Are you a CCNP or CCIE and looking for a job? Check out
> >> > www.PlatinumPlacement.com
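The relay behaviour discussed in this thread, as an added example that is not part of the original messages: per RFC 2131, a server that receives a relayed request uses the non-zero giaddr field both to pick the pool and as the unicast destination (UDP port 67) for its reply. The sketch assumes the ASA places the dhcp-network-scope value in giaddr, which matches what R1's debug output showed; the packet, the helper names and the comparison address 10.20.30.1 are constructed for illustration.

```python
import ipaddress
import struct

# Fixed BOOTP header (236 bytes): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC_COOKIE = bytes([99, 130, 83, 99])
POOLS = [ipaddress.ip_network("10.20.30.0/24")]  # R1's pool from the thread

def build_discover(giaddr, xid=0x1234, mac=b"\x02\x00\x00\x00\x00\x01"):
    """Constructed relayed DHCPDISCOVER carrying the given giaddr."""
    header = struct.pack(
        BOOTP_FMT, 1, 1, 6, 1, xid, 0, 0,
        bytes(4), bytes(4), bytes(4),
        ipaddress.IPv4Address(giaddr).packed,
        mac.ljust(16, b"\x00"), bytes(64), bytes(128))
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER

def giaddr_of(packet):
    """Extract the relay agent address from the fixed header."""
    return ipaddress.IPv4Address(struct.unpack(BOOTP_FMT, packet[:236])[10])

def reply_target(packet, pools):
    """Return (pool chosen, (ip, port) the OFFER is sent to) for a relayed request."""
    gi = giaddr_of(packet)
    if int(gi) == 0:
        raise ValueError("not relayed: giaddr is 0.0.0.0")
    pool = next((p for p in pools if gi in p), None)
    # RFC 2131 section 4.1: replies to relayed requests go to giaddr, server port 67.
    return pool, (str(gi), 67)

def scope_is_host_address(giaddr, pool):
    """True only if giaddr is a usable host address inside the pool's subnet."""
    gi = ipaddress.IPv4Address(giaddr)
    return gi in pool and gi not in (pool.network_address, pool.broadcast_address)

if __name__ == "__main__":
    # 10.20.30.0 is the scope from the thread; 10.20.30.1 is a constructed host address.
    for scope in ("10.20.30.0", "10.20.30.1"):
        pool, dest = reply_target(build_discover(scope), POOLS)
        print(f"scope={scope} pool={pool} offer_sent_to={dest} "
              f"host_address={scope_is_host_address(scope, pool)}")
```

With the scope set to 10.20.30.0 the pool is still matched, so R1 leases an address, but the OFFER is addressed to the subnet's network address, which is the symptom reported above.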
