<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3429" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial size=2>I am trying to
offload the VPN Client addressing from my Cisco ASA to using DHCP. Cisco
supports RFC 3011 so that I can pick a DHCP pool for each profile I have by
specifying an address in the desired scope.</FONT></SPAN></DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial size=2>I have discovered
that our MS DHCP server does not support RFC 3011, so I am testing a Linux
box with dhcp V3.1.1 and I had a question on what I am seeing in
dhcpdump:</FONT></SPAN></DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial size=2>Inside interface of
my VPN box (ASA 5510) is 172.22.199.248</FONT></SPAN></DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial size=2>My Linux Box running
dhcpd is 172.22.1.123</FONT></SPAN></DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial
size=2><snip></FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2>subnet 172.22.12.0 netmask 255.255.255.0
{<BR> range 172.22.12.10 172.22.12.30;<BR> option
domain-name-servers 172.22.8.230, 172.22.8.233;<BR> option domain-name
"remote.tal.dom";<BR> default-lease-time 600;<BR> max-lease-time
7200;<BR>}</FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=134133416-11122008><snip></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=134133416-11122008>When I try to log
into the VPN system, I see this on my server:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>dhcpdump -i eth0</FONT></DIV>
<DIV><FONT face=Arial size=2><BR> TIME: 2008-12-11
08:42:18.882<BR> IP: 172.22.199.248 (0:11:20:e2:bb:3f) >
172.22.1.123 (0:11:85:5c:ae:21)<BR> OP: 1
(BOOTPREQUEST)<BR> HTYPE: 1 (Ethernet)<BR> HLEN: 6<BR> HOPS:
0<BR> XID: 082c8acb<BR> SECS: 0<BR> FLAGS: 0<BR>CIADDR:
0.0.0.0<BR>YIADDR: 0.0.0.0<BR>SIADDR: 0.0.0.0<BR>GIADDR: 172.22.12.0<BR>CHADDR:
00:1e:13:12:e9:cd:00:00:00:00:00:00:00:00:00:00<BR> SNAME:
.<BR> FNAME: .<BR>OPTION: 53 ( 1) DHCP message
type 1
(DHCPDISCOVER)<BR>OPTION: 57 ( 2) Maximum DHCP message size
1152<BR>OPTION: 61 ( 35)
Client-identifier
00:63:69:73:63:6f:2d:30:30:31:65:2e:31:33:31:32:2e:65:39:63:64:2d:50:4c:4e:30:35:36:30:38:2d:4c:41:4e:00<BR>OPTION:
12 ( 8) Host
name
PLN0560<BR>OPTION: 55 ( 6) Parameter Request
List 1 (Subnet
mask)<BR>
6 (DNS
server)<BR>
15
(Domainname)<BR>
44 (NetBIOS name
server)<BR>
3
(Routers)<BR>
33 (Static
route)<BR>
<BR>---------------------------------------------------------------------------</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> TIME: 2008-12-11
08:42:19.003<BR> IP: 172.22.1.123 (0:11:85:5c:ae:21) >
172.22.12.0 (0:0:c:7:ac:1)<BR> OP: 2
(BOOTPREPLY)<BR> HTYPE: 1 (Ethernet)<BR> HLEN: 6<BR> HOPS:
0<BR> XID: 082c8acb<BR> SECS: 0<BR> FLAGS: 0<BR>CIADDR:
0.0.0.0<BR>YIADDR: 172.22.12.11<BR>SIADDR: 0.0.0.0<BR>GIADDR:
172.22.12.0<BR>CHADDR:
00:1e:13:12:e9:cd:00:00:00:00:00:00:00:00:00:00<BR> SNAME:
.<BR> FNAME: .<BR>OPTION: 53 ( 1) DHCP message
type 2
(DHCPOFFER)<BR>OPTION: 54 ( 4) Server
identifier
172.22.1.123<BR>OPTION: 51 ( 4) IP address
leasetime 600 (10m)<BR>OPTION: 1
( 4) Subnet
mask
255.255.255.0<BR>OPTION: 6 ( 8) DNS
server
172.22.8.230,172.22.8.233<BR>OPTION: 15 ( 15)
Domainname
remote.tal.dom<BR>---------------------------------------------------------------------------</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=134133416-11122008>And it repeats 4
times and eventually my client gets no address. </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=134133416-11122008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=134133416-11122008>It looks like I am
getting farther than the MS DHCP server. But I don't understand this line in the
reply:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=134133416-11122008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=134133416-11122008>IP: 172.22.1.123
(0:11:85:5c:ae:21) > 172.22.12.0 (0:0:c:7:ac:1)</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial size=2>Why would it reply
TO an address that is part of its own pool?? Should it not reply to the IP in
the original request? Or how would my packet make it back to my
ASA?</FONT></SPAN></DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=134133416-11122008><FONT face=Arial
size=2>Nick</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV align=left><FONT face="Comic Sans MS" size=1><STRONG>Nick
Ellson</STRONG></FONT></DIV>
<DIV align=left><FONT face="Comic Sans MS" size=1><STRONG>CCIE#
20018<BR>Infrastructure Specialist</STRONG></FONT></DIV>
<DIV align=left><FONT face="Comic Sans MS" size=1><STRONG>PGE, Network
Operations Center<BR>7 am - 4 pm, Pacific M-F </STRONG></FONT></DIV>
<DIV align=left><FONT face="Comic Sans MS" size=1><STRONG>Personal: (503)
464-2995<BR>Network Trouble: (503) 464-8754<BR>"Educating Layer 8, one user at a
time."</STRONG></FONT></DIV>
<DIV align=left><FONT face="Comic Sans MS" size=1></FONT> </DIV>
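<DIV><FONT face=Arial size=2>Added example, not part of the post above: a small Python parser that rebuilds the captured DISCOVER from the fields listed in the dhcpdump and applies the RFC 2131 section 4.1 rule the server is following, which is that a reply to a request with a non-zero giaddr is addressed to giaddr on port 67, whatever the IP source of the request was. It also shows the RFC 3011 precedence for pool selection (option 118 over giaddr); the capture above carries no option 118, only giaddr 172.22.12.0. The packet bytes are constructed for the example and the client-identifier option is left out.</FONT></DIV>

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_SUBNET_SELECTION = 118  # RFC 3011 subnet selection option

def ip(b):
    return str(ipaddress.IPv4Address(b))

def parse_dhcp(pkt):
    """Parse the fixed BOOTP header and the TLV options of a DHCP message."""
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", pkt[:12])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        options[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return {"op": op, "xid": xid, "flags": flags, "ciaddr": ip(pkt[12:16]),
            "yiaddr": ip(pkt[16:20]), "siaddr": ip(pkt[20:24]), "giaddr": ip(pkt[24:28]),
            "chaddr": pkt[28:28 + hlen].hex(":"), "options": options}

def subnet_hint(msg):
    """Address the server picks the pool from: option 118 wins over giaddr (RFC 3011)."""
    sel = msg["options"].get(OPT_SUBNET_SELECTION)
    if sel:
        return ip(sel), "option 118"
    return (msg["giaddr"], "giaddr") if msg["giaddr"] != "0.0.0.0" else (None, "receiving interface")

def reply_destination(msg, offered):
    """Where the server addresses its OFFER/ACK (RFC 2131 section 4.1): (ip, udp port)."""
    if msg["giaddr"] != "0.0.0.0":
        return msg["giaddr"], 67      # to the relay agent named in giaddr, not the IP source
    if msg["ciaddr"] != "0.0.0.0":
        return msg["ciaddr"], 68
    if msg["flags"] & 0x8000:         # client set the broadcast bit
        return "255.255.255.255", 68
    return offered, 68                # unicast to yiaddr, framed to chaddr

def captured_discover():
    """The DISCOVER from the dhcpdump above, rebuilt from its listed fields (constructed bytes)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x082C8ACB, 0, 0)
    hdr += bytes(12) + ipaddress.IPv4Address("172.22.12.0").packed      # ciaddr/yiaddr/siaddr 0, giaddr
    hdr += bytes.fromhex("001e1312e9cd").ljust(16, b"\0") + bytes(192)  # chaddr, sname, file
    opts = [(53, b"\x01"), (57, struct.pack("!H", 1152)), (12, b"PLN0560"), (55, bytes([1, 6, 15, 44, 3, 33]))]
    return hdr + MAGIC_COOKIE + b"".join(bytes([c, len(v)]) + v for c, v in opts) + b"\xff"
```

Calling reply_destination(parse_dhcp(captured_discover()), "172.22.12.11") yields ("172.22.12.0", 67), which is exactly the destination in the OFFER line the post asks about.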
<DIV> </DIV></BODY></HTML>