[c-nsp] Concentrator and DHCP server problem

wasim hasan wasiim8 at hotmail.com
Sun Jan 13 11:00:04 EST 2008 



Dear  all 
 
 
 
my vpn concentrator is not able to give ip to remote access vpn client. concentrator is acting
as dhcp rely agent. Concentrator priviate interface is connected with a pix firewall dmz who is
also acting as dhcp rely for some other networks in its dmz.
 
concentrator is able to ping dhcp and all the connectivity is okay.
 
i m getting following errors while client tries to connect with concentrator.\
 
1033 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/29 RPT=5452 DHCP poll timeouts routine entered 1034 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/30 RPT=5452 DHCP poll stats: callbacks 0, active CBs 0, total CBs 1 1035 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/15 RPT=44 DHCP task: Timeout type 0, msg 0x7049db8 1036 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/36 RPT=30 DHCP no response to DISCOVER sent to 172.28.32.13 (xid 3684789027) 1037 01/13/2008 16:48:34.670 SEV=7 DHCPDBG/40 RPT=30 DHCP attempt to get next server failed (xid 3684789027) 1038 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/28 RPT=194 DHCP restart servers routine entered 1039 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/38 RPT=45 DHCP obtained first server 172.28.32.13 port 67 (xid 3684789027) 1040 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/46 RPT=45 DHCP sending DISCOVER to server 172.28.32.13 port 67 (xid 3684789027)
 
kindly help me out. I cant disable dhcp rely on pix bcz other subnet will suffer.
my dhcp server is working fine and assigning ip to rest of all my network.
 
please help me out.
 
dhcp server address is 172.28.33.13
pix dmz ip 172.28.95.2
concentrator 172.28.95.95
 
 
static (inside,edn) 172.28.32.13 172.28.32.13 netmask 255.255.255.255
access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.32.0 255.255.255.0
access-list nonat extended permit ip 172.28.92.0 255.255.255.0 172.28.37.0 255.255.255.0access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.37.0 255.255.255.0access-list nonat extended permit ip 172.28.64.0 255.255.255.0 172.28.37.0 255.255.255.0nat (inside) 0 access-list nonat
 
 
dhcp filter is applied on concentrator public interface. DHCP rely is enable.  
 
 
 
Regards,
 
Wasim Hassan
Wateen Telecom
Sr. Executive O&M
Cell:  +242-6281124
            +242-7066846
 
_________________________________________________________________
Put your friends on the big screen with Windows Vista® + Windows Live™.
http://www.microsoft.com/windows/shop/specialoffers.mspx?ocid=TXT_TAGLM_CPC_MediaCtr_bigscreen_012008

More information about the cisco-nsp mailing list