[c-nsp] Concentrator and DHCP server problem

Masood Ahmad Shah masood at nexlinx.net.pk
Fri Jan 18 15:06:51 EST 2008


It should work fine as long as the relay and filters are configured
properly. I'm writing the steps which work fine for me.

1. From the VPN Concentrator console, select Configuration > System > IP
Routing > DHCP Relay. Select the Enabled check box to activate DHCP relay,
and enter the forwarding IP address and subnet mask.

2. From the VPN Concentrator console, select Configuration > Policy
Management > Traffic Management > Assign Rules to Filter. In the resulting
screen (shown below), move the DHCP In and DHCP Out rules from Available
Rules to Current Rules in Filter.

While reviewing your debug logs I can see that your DHCP server address has
been configured as 172.28.32.13 instead of your listed DHCP server address
172.28.33.13; might be a typo :)

Regards,
Masood Ahmad Shah



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of wasim hasan
Sent: Sunday, January 13, 2008 9:00 PM
To: cisco-nsp at puck.nether.net
Cc: wasiim8 at hotmail.com
Subject: [c-nsp] Concentrator and DHCP server problem




Dear all,

My VPN concentrator is not able to give an IP to remote access VPN clients.
The concentrator is acting as a DHCP relay agent. The concentrator's private
interface is connected to a PIX firewall DMZ, which is also acting as DHCP
relay for some other networks in its DMZ.

The concentrator is able to ping the DHCP server and all the connectivity is
okay.

I'm getting the following errors while the client tries to connect to the
concentrator.
 
1033 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/29 RPT=5452 DHCP poll timeouts routine entered
1034 01/13/2008 16:48:33.780 SEV=9 DHCPDBG/30 RPT=5452 DHCP poll stats: callbacks 0, active CBs 0, total CBs 1
1035 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/15 RPT=44 DHCP task: Timeout type 0, msg 0x7049db8
1036 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/36 RPT=30 DHCP no response to DISCOVER sent to 172.28.32.13 (xid 3684789027)
1037 01/13/2008 16:48:34.670 SEV=7 DHCPDBG/40 RPT=30 DHCP attempt to get next server failed (xid 3684789027)
1038 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/28 RPT=194 DHCP restart servers routine entered
1039 01/13/2008 16:48:34.670 SEV=9 DHCPDBG/38 RPT=45 DHCP obtained first server 172.28.32.13 port 67 (xid 3684789027)
1040 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/46 RPT=45 DHCP sending DISCOVER to server 172.28.32.13 port 67 (xid 3684789027)
 
Kindly help me out. I can't disable DHCP relay on the PIX because other
subnets will suffer.
My DHCP server is working fine and assigning IPs to the rest of my network.

Please help me out.
 
dhcp server address is 172.28.33.13
pix dmz ip 172.28.95.2
concentrator 172.28.95.95
 
 
static (inside,edn) 172.28.32.13 172.28.32.13 netmask 255.255.255.255
access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.32.0 255.255.255.0
access-list nonat extended permit ip 172.28.92.0 255.255.255.0 172.28.37.0 255.255.255.0
access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.37.0 255.255.255.0
access-list nonat extended permit ip 172.28.64.0 255.255.255.0 172.28.37.0 255.255.255.0
nat (inside) 0 access-list nonat
 
 
The DHCP filter is applied on the concentrator public interface. DHCP relay
is enabled.
 
 
 
Regards,
 
Wasim Hassan
Wateen Telecom
Sr. Executive O&M
Cell:  +242-6281124
            +242-7066846
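
Added example, not part of either message in this thread: a Python sketch that splits pasted concentrator debug output into events, even when mail wrapping has run them together, and compares the server the DISCOVERs went to against the intended DHCP server. The function names are hypothetical and the event header layout is assumed from the log lines quoted above.

```python
import re
from collections import Counter

# Header layout assumed from the log quoted in this thread:
# <seq> <MM/DD/YYYY> <HH:MM:SS.mmm> SEV=<n> <CLASS>/<id> RPT=<n>
HEADER = re.compile(
    r"(?P<seq>\d+)\s+\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2}\.\d{3}\s+"
    r"SEV=\d+\s+(?P<cls>\w+)/\d+\s+RPT=\d+")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Events 1036-1040 as posted in the thread, with the mail wrapping left in.
SAMPLE = """\
Timeout type 0, msg 0x7049db8 1036 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/36
RPT=30 DHCP no response to DISCOVER sent to 172.28.32.13 (xid 3684789027)
1037 01/13/2008 16:48:34.670 SEV=7 DHCPDBG/40 RPT=30 DHCP attempt to get
next server failed (xid 3684789027) 1038 01/13/2008 16:48:34.670 SEV=9
DHCPDBG/28 RPT=194 DHCP restart servers routine entered 1039 01/13/2008
16:48:34.670 SEV=9 DHCPDBG/38 RPT=45 DHCP obtained first server 172.28.32.13
port 67 (xid 3684789027) 1040 01/13/2008 16:48:34.670 SEV=8 DHCPDBG/46
RPT=45 DHCP sending DISCOVER to server 172.28.32.13 port 67 (xid 3684789027)
"""

def split_events(text):
    """Split pasted log text into events; wrapping and joined lines are tolerated."""
    flat = " ".join(text.split())          # undo mail line wrapping
    heads = list(HEADER.finditer(flat))    # each header starts a new event
    events = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        events.append({"seq": int(h["seq"]), "cls": h["cls"],
                       "msg": flat[h.end():end].strip()})
    return events

def relay_report(text, expected_server):
    """List DISCOVER targets and flag any that differ from expected_server."""
    sent, unanswered = Counter(), Counter()
    for e in split_events(text):
        if e["cls"] != "DHCPDBG":
            continue
        ips = IPV4.findall(e["msg"])
        if "sending DISCOVER to server" in e["msg"]:
            sent.update(ips)
        elif "no response to DISCOVER" in e["msg"]:
            unanswered.update(ips)
    targets = set(sent) | set(unanswered)
    return {"targets": sorted(targets), "unanswered": dict(unanswered),
            "mismatch": sorted(t for t in targets if t != expected_server)}

if __name__ == "__main__":
    print(relay_report(SAMPLE, "172.28.33.13"))  # server address listed in the post
```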
 