I am unable to understand the following solution from a topic related to EzVPN Server on ASA using DHCP. Can anyone please explain further?
In order to use DHCP for address allocation, you may need to explicitly disable other methods first. Next you need to configure a DHCP server IP address under the tunnel-group general-attributes using the command: dhcp-server IP ADDRESS. By default the firewall will set the giaddr field in DHCP packets to the IP address of the interface used to query the DHCP server. This will restrict address allocation only to one subnet, directly connected to the firewall. In order to overcome this limitation, you may use the group-policy command dhcp-network-scope [giaddr] to specify the giaddr field in DHCP packets. The server will then select the matching pool based on this value. However, there is a caveat here. The DHCP server will reply with a DHCP packet to the IP address specified in the giaddr field. Therefore you need a way to ensure that the firewall advertises this IP address into the IGP and may respond to it. The simplest hack to accomplish this is to create a virtual interface using Ethernet VLANs and assign it the IP address of giaddr.

Thanks
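
The steps in the quoted solution, laid out as an ASA configuration sketch. This is an added example, not part of the original post or of the solution it quotes; the names EZVPN, EZVPN-GP and VPNPOOL, the VLAN 200 subinterface, OSPF process 1 and every address are assumed for illustration.

```text
! Step 1: disable the other address-assignment methods, leave DHCP enabled
no vpn-addr-assign aaa
no vpn-addr-assign local
vpn-addr-assign dhcp
!
! Step 4 (the "hack"): a VLAN subinterface that owns the giaddr address,
! so the firewall accepts the DHCP server's reply sent to 10.200.0.1
interface Ethernet0/1.200
 vlan 200
 nameif VPNPOOL
 security-level 100
 ip address 10.200.0.1 255.255.255.0
!
! Step 2: point the tunnel group at the DHCP server (assumed 10.0.0.50)
tunnel-group EZVPN type remote-access
tunnel-group EZVPN general-attributes
 default-group-policy EZVPN-GP
 dhcp-server 10.0.0.50
!
! Step 3: override giaddr so the server picks the pool for 10.200.0.0/24
! instead of the pool for the subnet of the querying interface
group-policy EZVPN-GP internal
group-policy EZVPN-GP attributes
 dhcp-network-scope 10.200.0.1
!
! Caveat: advertise the giaddr subnet into the IGP so the DHCP server
! has a route back to 10.200.0.1 (OSPF assumed here)
router ospf 1
 network 10.200.0.0 255.255.255.0 area 0
```

On the DHCP server, a pool for 10.200.0.0/24 must exist for the giaddr match to select it.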
