From: Tarun Pahuja (pahujat@gmail.com)
Date: Fri Nov 23 2007 - 20:37:13 ART
Muhammad,
You can use an external server(AAA) for providing
IPAddresses to VPN clients. Look for the command "vpn-addr-assign". You do
not need to configure the ASA as a relay agent in this case.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnadd.html
HTH,
Tarun
On 11/18/07, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
>
> Dear All,
>
> I am trying to assign IP addresses to the remote VPN users by DHCP server.
> The users are coming from Outside and the DHCP server is place in Inside.
> I
> tried but DHCP server is not assigning IP addresses to the clients. Do I
> need to configure DHCP relay as well on the ASA for VPN users?.
>
> I know that if the DHCP server is located on the *DMZ* and local lan users
> which are on the *inside *of the ASA then we must enable DHCP relay so ASA
> will act as DHCP relay agent and forwarding the DHCP requests generating
> on
> the inside to the DMZ.
>
> Now for the VPN users do we need to do the same (enable DHCP relay for
> outside) my first thought is* no* because client is initiating a VPN
> connection not a broadcast request for IP address.
>
>
>
> Cisco is not mentioning any thing about this in the document.
>
>
> http://cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnadd.html#wp999516
> .
>
>
> Any help will be appreciated
>
>
>
>
>
>
>
> --
> Muhammad Nasim
> Network Engineer
> Saudi Arabia
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:31 ART