No subject


Fri Feb 17 00:23:59 UTC 2012 

fill-in for the DHCP Network Scope in the Group configuration, under the
General tab for a proxy agent IP. If this isn't filled-in, the conc will use
the IP of the inside interface, which may not be what you want.
If your concentrator's on a different subnet than the DHCP server, be sure
to fill-out the DHCP network scope with a different in the group's config,
routable IP address for each concentrator, since the DHCP server will try to
unicast a response back to the IP of the proxy agent (the IP you filled-in
under DHCP network scope) rather than the IP of the concentrator itself (I
think this is broken behavior on the concentrator's side, rather than the
DHCP server's)

These concentrators have lots of quirks like that (like a semi-broken OSPF
implementation).

Cheers,

Karl


On 6/17/06, John Hascall <john at iastate.edu> wrote:
>
>
> > I have been trying to get DHCP set up for (2) Cisco 3030 VPN
> > concentrators.  I have confirmed that the configuration on the devices
> > is correct but I am still not able to get an address from the DHCP
> > server.  I think the issue may be how the DHCP address is being
> > requested.  The VPN client are all on Windows XP and running the Cisco
> > VPN client.  Below is what I am seeing on the DHCP server when the
> > request is being relayed via the VPN concentrator:
> >
> > Jun 16 19:03:05 scratchy dhcpd: DHCPDISCOVER from 00:03:a0:89:22:43 via
> > 10.6.1.122: unknown network segment
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> > I think the problem is the multiple DHCPDISCOVER requests coming from
> > the concentrator / VPN client.  Below is a section from a Microsoft
> > support site:   ...
>
>     I strongly doubt this has anything to do with you problem.
>
>     The error message you are getting says that your DHCP server
>     knows nothing about 10.6.1.122 -- the address the requests
>     are coming from (which is presumably your VPN Conc).
>
>     You need to have an appropriate subnet definition in
>     your dhcpd.conf file which includes that address.
>     I do not know what your subnet mask is, but perhaps
>     one of these:
>
>          subnet 10.6.1.0 netmask 255.255.255.0 {
>          }
>     or:
>          subnet 10.6.0.0 netmask 255.255.0.0 {
>          }
>     or:
>          subnet 10.0.0.0 netmask 255.0.0.0 {
>          }
>
> John
>
>


-- 
Karl Mueller CCNP MCSE
Network Engineer
703 946 6638

More information about the dhcp-users mailing list