I also tried changing the dhcp-network-scope 10.1.100.0 to a host
address in the scope of 10.1.100.254 and adding a /32 host route on
the ASA to this address pointing to the switch, but that still did not
work.

On Wed, Mar 7, 2012 at 3:04 PM, Joe Astorino <[email protected]> wrote:
> Hello,
>
> I am trying to modify an ASA configuration such that remote SSL VPN
> users receive an IP address from a DHCP server running on a 3550
> switch inside instead of from a local pool on the ASA. I want to do
> that because the 3550 switch itself is a DHCP client that pulls in DNS
> server addresses from an ISP.  I import those DNS settings into my
> DHCP pools so that I can hand out that DNS information to clients.  I
> have modified my configuration as follows
>
> no ip local pool SSLClientPool 10.1.100.50-10.1.100.100 mask 255.255.255.0
> no vpn-addr-assign aaa
> no vpn-addr-assign local
> vpn-addr-assign dhcp
> !
> tunnel-group SSLClient general-attributes
>  dhcp-server 10.1.19.9
> !
> group-policy SSLClient attributes
>  no address-pools value SSLClientPool
>  dhcp-network-scope 10.1.100.0
>
>
> On the switch I have the pool defined
>
> ip dhcp pool SSL-VPN
>   import all
>   network 10.1.100.0 255.255.255.0
>
> I see absolutely nothing happening.  When the client connects and
> authenticates I just get the following in the log
>
> %ASA-5-737018: IPAA: DHCP request attempt 1 failed
> %ASA-5-737003: IPAA: DHCP configured, no viable servers found for
> tunnel-group 'SSLClient'
>
> The DHCP server is reachable from the ASA via ping.  I have even done
> a "debug ip packet" tied to an ACL on the L3 switch that looks at any
> traffic coming from the inside interface of the ASA.  It appears the
> ASA never at any point sends the DHCP request at all.
>
> Any ideas?
>
>
>
> --
> Regards,
>
> Joe Astorino
> CCIE #24347
> http://astorinonetworks.com
>
> "He not busy being born is busy dying" - Dylan



-- 
Regards,

Joe Astorino
CCIE #24347
http://astorinonetworks.com

"He not busy being born is busy dying" - Dylan