VPN 3020 - relay DHCP and reservations

Hi all

I have a VPN concentrator 3020 in my structure and I am setting up allocation of an IP address by an external DHCP server.

There is no problem in that: the client authenticates and then receives its IP address...

the problem is that I need to configure a reservation on the DHCP server... the question is: which is the mac address, use the booking?

I saw on the server the mac address of the dhcp request is something like this 0003a08a5308020e7f28f4e9a82000, which is the mac address of the external interface of the vpn concentrator, as well as many other characters, which does not seem to be related to the client or any other part of the network and change each time we connect...

I think that I can not assign the static IP address on the hub, or GBA, because users authenticate to the VPN through MS Active Directory hub, so that they do not really exist on these devices...

Anyone know how I can do this job?

Thank you very much

Marco

You can do that with the ip address of the DHCP server.

You can configure the LDAP server to assign the individual ip address depending on whether the user authenticates to the access customer vpn.

You must configure the LDAP server for permission in the VPN concentrator, but also to enable 'Use authentication server address' for the assignment of an ip address.

Tags: Cisco Security

Similar Questions

  • Using to relay DHCP on LAN remote IPSec VPN WRVS4400N

    Hello

    I have a WRVS4400N. I want to know if it is possible to configure the remote relay DHCP WRVS4400N to find a DHCP server on the local network. The local network is 192.168.2.0/24, and the Remote LAN is 192.168.1.0/24. I am entered the field of relay DHCP server 192.168.1.100 but my local PC does not get an IP address. So, I would like to than the local PC to get an IP from DHCP address 192.168.2.x server remote (LAN) through the IPSec VPN tunnel. Is this possible?

    The IPSec tunnel works. I ping the 192.168.1.100 remote DHCP server, if the local PC, a static IP address 192.168.2.x I have the configuration of the DHCP server with an IP of 192.168.2.x/24 range.

    The remote VPN router is a Netgear FVS114.

    Thank you

    NIC

    The wrvs4400n, you cannot do the dhcp relay in the vpn tunnel.  You may need to get a business for which solution or a connection point to point for both networks on the same local network configuration.

  • SGE2000 relay DHCP problem

    I'm looking for more help with DHCP relay on a switch SGE2000.

    I have configured the two VLAN on the switch, (192.168.10.x/24) VLAN2 and VLAN3 (192.168.9.x/24). I have the Layer 3 switch. I configured the 192.168.10.4 DHCP and the DHCP Interfaces like VLAN3 relay server. All static IP Routes have been generated by the switch.

    If I put a client computer on a port which is Untagged VLAN 3 and try to get a DHCP address from the server on a port that is not tagged VLAN 2 I never get a response.

    I made a few captures package and here is what I found:

    1. I see the DHCP on the client computer
    2. I see the DHCP Request to the DHCP server from the IP shown in the switch to VLAN 3 (192.168.9.254)
    3. I see the server DHCP responds with a DHCP offer
    4. The DHCP offer never gets the client computer

    I can't get a DHCP address to any system not on the same VLAN as the DHCP server. 82 option is disable, and tried him, that made no difference.

    Any help would be great.

    Thank you

    Phil

    Hi phil,.

    Have you created a static route on the DHCP server that points to the network 192.168.9.0/24.

    The entry door for this network, in the perspective of relay DHCP servers, is the IP address of the switch SGE2000 VLAN2.

    I think that if you tried to ping to the IP address of the switch VLAN3 with the DHCP server now, you will not get a response.

    When you create a static route to be persistent in the DHCP server, you should then be able to address IP VLAN3 ping of the switch.

    Best regards, Dave

  • Problems with P2P VPN with interface DHCP

    I have properly configured a P2P VPN with two Cisco 888 using the static IP address. If I put a single interface to DHCP and the unit is power cycling it won't ask an IP address, until I have don't deliver "no card crypto " and bounce the interface.

    Any ideas on how I can leave the card encryption in place and have the interface to get an IP address?

    Thanks in advance.

    With config like this:

    access ip-list 100 permit a whole

    You are due ALL traffic is encrypted and expect to have to decrypt all traffic. That is traffic that is recived on the interface will be deleted unless they are encrypted.

  • Time Capsule do not pick up address DHCP and cable modem...

    You just bought a Time Capsule and a couple of Airport Express. If none of these devices are connected together via Ethernet, they seem to have set themselves up, and all is well.

    That being said, I tried to create a mobile network instead of pure wi - fi and am studying various behaviors that are not as expected when I rear hub to the Internet Time Capsule, but need to isolate and go 1 bit at a time... (it works not as well as suggest Apple instructions on homelessness of installation)...

    If:

    1. configuration of the modem cable shows that DHCP is 'ON' and supplied address range 192.168.0.x by 192.168.0.y,.

    2 Cable modem wireless is disabled,

    3 Time Capsule Wan is connected to the cable modem, Ethernet

    4 Time Capsule is configured to request its address IP, DHCP

    5. Airport Express is in Bridge mode and have addresses such as 10.x.y.z (appears to be from a Time capsule).

    6. safe as Time Capsule is set to be as DHCP and NAT

    7. There is NO other device in this configuration connected by Ethernet except the cable Modem and the Time Capsule.

    So, why is the IP address of the time Capsule 76.181.45.xyz? (The address is NOT in the range of the DHCP as described in the #1; it is not supposed to be?) ....

    Whence this address?

    A friend says this address puts the "other side" Time Capsule of the cable Modem, directly on the Net?... (Shouldn't worry?) ....

    If none of these devices are connected together via Ethernet, they seem to have set themselves up, and all is well.

    It's because you didn't have the devices connected via Ethernet before you set up the. Given that the installation utility saw a wireless connection, it is assumed that this was the way that you want to connect devices on your network at all times... so he put it this way.

    If you had an established connection Ethernet before you ran the installer, then the utility would have detected this connection and set up the airport to "expand using Ethernet", does not extend to assistance of wireless.

    (it works not as well as suggest Apple instructions on homelessness of installation)...

    If all goes well, you don't talk about this document... Wi - Fi base stations: extend the reach of your network wireless by adding additional base stations Wi - Fi - Apple Suppo... .. Since the 'how' information in this article is at least 4 years late, bear little resemblance to the latest version of AirPort Utility and some of the information are simply not true.  This document if trash is what you... He'll probably do more harm than good with regard to the details of setting.  The article is OK for basic general information, however.

    6. safe as Time Capsule is set to be as DHCP and NAT

    It should not be if your modem is a modem/router "" or type 'bridge' of the device which is also DHCP and NAT services. The fact that you have disabled the wireless on the device confirms that it is both a modem AND a router. That being the case, then you have two devices that both struggling among themselves to try to control the same network... AND do you also have a network error called Double NAT... something you don't want.

    Probably the best at everything again and provide us with the number of brand and model of your "modem", that we can confirm what it is that you have, then the correctly configured time Capsule to work with this device. Once the time Capsule is set up correctly, it will be easy to put in place the other airports.

  • I bought an iPad 2 Air and reserved for a free service call to show me the ropes. Nobody phoned me in the allotted time. What should I do?

    I bought an iPad 2 Air and reserved for a free service call to show me the ropes. Nobody phoned me in the allotted time. What should I do?

    Click on the help link at the top of the page and connect with Apple

    Or you are welcome to ask us your questions

    iPad - configuration - Apple Support

    User Guide - Apple iPad

  • Satellite A200-22I - DHCP and SENSE of the problems when you start Windows Vista

    When I started my laptop yesterday, I noticed it was going quite slowly, more there was a message saying that windows could not connect to a specified service.

    As a result my firewall was off tour and I can t connect to the internet. I tried to turn on the firewall, but I couldn't... and today, I tried another connection to inalambric, but I couldn't connect to the internet.

    I checked the registry of the solution and the problem and found it was something related to DHCP and sense.

    But really, I don - t know what causes this problem...

    I searched other forums where people have had the same problem but I could t find any solution apart from reinstalling Vista...

    Can someone help me? Help will be very appreciated!

    Thank you

    Hello

    What do you mean with SENSE? I never heard tell about.

    I put t know what are the causes of the problem too but did you look in Event Viewer? Sometimes, it's really useful.
    If you have a network problem, you must update the driver WLAN or LAN (depending on whether you are using). You can find it on the Toshiba site:
    http://EU.computers.Toshiba-Europe.com-online decision-making supported Downloads & => Download drivers

    It would be interesting to know what Windows service, you mean. View more information on this error.

    Welcome them

  • Removal of the SBS 2011 server how to migrate DHCP and DNS services to the firewall

    I have a small client that has an old server that comes close to falling; its off primary runnign the disk space and must often be restarted.  they do not need the server and it was decided to remove the server and use a working group with NAS drive for their records.  They have a sonicwall firewall that can handle all DHCP services.  All computers have disjoint form field, all profiles will migrate the workstation's local user accounts.  all work, printing, file sharing and internet services.  When the server is stopped, after about 10 minutes the network goes down and I can't even log into the firewall.

    How I got out of shape services DHCP from the server to the firewall?  the firewall has active DHCP and the range of rental contract is configured correctly, but cann no PC connect when the server is off.

    Im trying to finish this tomorrow so if anyone can help me tonight it would be very appreciated...

    This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
    If you give us a link to the new thread we can point to some resources it

  • Svchost.exe with service Client DHCP [Dhcp] and DNS Client [DNScache] high memory use

    I'm using Windows 2003 standard Server SP 2 found problem svchost.exe run service Client DHCP [DHCP] and DNS Client [DNScache]
    use a lot around 2 GB of memory. Virus scan try and Hijackthis is not found. I try to restart memory return service.

    I have 4 servers and the same symptoms.

    Anyone know why it caused?

    Hello
     
    Your Windows 7 is better suited for the public of Windows Server on TechNet. Please post your question in the TechNet Windows server forum.

    http://social.technet.Microsoft.com/forums/en/category/WindowsServer

  • It is possible to move my profile of the user of the c:, d: and reserving my main drive for the OS only

    I use windows Vista that is installed on drive C: (OS) year 80 gig hard drive plus I also drive D: (DATA) one new secondary 320 gig hard drive installed.  I want to use the system more effectively by saving and store my files on this hard drive automatically is it possible to move my profile of the user of the c:, d: and reserving my main drive for the OS only

    There are instructions of third party to do so, but this is not supported by MS and can cause problems

    Maybe redirect Documents libraries on the D drive

  • WRTP54G - configuration DHCP and static IP

    I got a Blu - Ray player and it turns out that he won't talk to my WRTP54G DHCP and I've only got to operate when plugged directly into my cable modem. Is it possible to configure the router to have a DHCP network, but allow also my Blu - Ray to have a static IP address, so it can also connect to the internet?

    Yes, just make sure that you have configured the blu Ray player with a static IP address outside the range of the DHCP, set up in the router list.

  • DHCP and static IP at the same time?

    Simple scenario. My internet connection using DHCP and my home network uses a 10.x.x.x (static) addresses. How can I add an address static 10.0.0.x, in addition to the IP address provided by DHCP, if I can use internet and LAN at the same time? Under linux, it's pretty simple: ip addr add 10.0.0.1/24 dev eth0

    You cannot use two IP addresses on a single ethernet interface, if you are using DHCP, you cannot add a static IP, it is technically impossible, in this case you must use two NICs, i.e. two different interfaces. If you connect to the Internet via the DHCP protocol and you have another PC which allows you to build a local network then you you may not change the dynamic address, but can replace the LAN address is dynamic/static. For example, if the PC that has the Internet connection, add another NETWORK card, then connect the second PC with this new NIC card. Now turn on sharing on the first PC Internet connection interface and so the two PC will be able to run the home networking and Internet connectivity. You don't even need to add a static IP address.

  • Windows 7 - VPN Error 711, 609 and error in the article «Phone and Modem»

    Hello

    I have the problem with my VPN from last auto Win update MAJOR - 16/10/2014

    My VPN worked fine until this update. Since then, I have a lot of different errors when I try to connect to this VPN again (from another PC with the same credentials is fine).

    When I now try to connecto to VPN I have Error 711 first and later of 609. I tried a lot of repairs, and none worked.

    VPN settings:
    http://i.imgur.com/cmADOeZ.PNG
    http://i.imgur.com/BaQiFtf.PNG
    http://i.imgur.com/kDL2xz1.PNG

    Services:

    • Plug-and-play - Works Fine - Set as automatic and the Service started successfully
    • Remote procedure call - Works Fine - set as automatic and Service started successfully
    • DCOM Server process Launcher - Works Fine - AutoPlay and the Service started successfully
    • Fax - Fax on the local computer and stop service. Some services stop automatically if they are not in use by other services or programs.
    • Remote access auto connection manager - Windows could not start the remote access auto connection service manager on the local computer. Error 0 x 80000048: 0 x 80000048
    • Remote access connection manager - automatic game and the Service started successfully
    • ICS - Internet connection sharing service on the local computer on the road and stop. Some services stop automatically if they are not in use by other services or programs.
    • Routing and remote access - auto play and the Service started successfully
    • Telephony - Works Fine - set as automatic and Service started successfully

    When I try to open "Phone and Modem" in the control panel:
    http://i.imgur.com/DIPZCRe.PNG
    "Phone and modem control panel can not be opened. You can have a problem starting telephony service.

    I tried:
    (1) Win Recovery - did not work

    (2) cmd sfc/scannow - did not work

    (3) uninstall and reinstall manualy miniports did not work
    Netcfg u MS_L2TP
    Netcfg u MS_PPTP
    Netcfg-l %windir%\inf\netrast.inf c - p-i MS_PPTP
    Netcfg-l %windir%\inf\netrast.inf c - p-i MS_L2TP
    http://i.imgur.com/VYHqQwn.PNG

    (4) Windows Network Diagnostics - Troubleshooting couldn't identify the problem - did not work

    (5) order the firewall and Antivirus protection - failed

    Can anyone please help me and fast? This was done by Win update and it made me a lot of trouble. I really need functional VPN to my client and I can't do it right now.

    THX and best regards,
    Matej Skarka

    -last edited on 20/10

    Hello

    I will recommend you to post this thread in Windows 7 IT Pro TechNet forums networking. This is the best forum for network problems.

    Please follow the link below to post this thread.

    https://social.technet.Microsoft.com/forums/Windows/en-us/home?Forum=w7itpronetworking

    Thank you.

  • Issues DHCP and FTP

    I have a RIS server running server 2012 R2 with DHCP and filezilla for FTP and a desktop running windows 7. The server can ping the desktop computer, but Office cannot ping the server, but the Office can obtain a DHCP server address. How can I get it to connect to the ftp service?

    Hello Zack,

    Thanks for posting your question on the forum of the Microsoft community.

    The question will be better suited to the audience of professionals on the TechNet forums.

    I would recommend posting your query in the TechNet forums.
     
    TechNet Forum
    http://social.technet.Microsoft.com/forums/en-us/home?category=WindowsServer

    Thank you

  • After the upgrade yesterday from Vista to Windows 7, now my Cisco VPN does not work and I get an error message titled: grounds 440 driver fault. Any ideas to fix this?

    After the upgrade yesterday from Vista to Windows 7, now my Cisco VPN does not work and I get an error message titled: grounds 440 driver fault.  Any ideas to fix this?

    This was the solution!  The works of vpn as $ 1 million now.  I followed the instructions above to enter the uninstall program and selecting the repair option.  I rebooted the machine, then used the troubleshooting on vpn software compatibility option.  Selected Windows windows xp (service pack 2) as the correct software and cisco vpn client started right up.

    Thanks, Nick!

    Rick

Maybe you are looking for

  • Gmail and IMAP

    My connection to gmail is for example "QWERTY".After creating account, I get the message: "password for [email protected]@imap.googlemail.com:What is "@[email protected]:"? Parameters:Server: imap.googlemail.comPort: 993user: qwerty@gmail.

  • Mac pro chassis/body

    Hi all, someone could tell me what cases/chassis are compatible with a mac pro Desktop 5.1 2010. I am after a substitute for this case and do not know if all chassis are identical. see you soon

  • Support Bluetooth A2DP

    I tried to connect a Bluetooth (a Nokia BH505) headset to my LG Fireweb. It connects and can make phone calls through the headset, but the music is played using the speaker phone... I guess that the A2DP profile is not supported by this phone operati

  • Firefox will not save passowrds.

    I just got a new laptop (a dell XPS 15Z) and when I downloaded firefox it won't let me save my passwords. Usually, when you type your password, a menu appears down and asks if I want to save. But now it won't let me. The key in the corner is displaye

  • Can I use USB hubs on cRIO?

    I would use the USB port on the cRIO 2 purposes. One for connecting to a USB key and another to control a small LCD 16 x 2 display. LCD screen will be updated very rarely but will give us a lot of read/write on the USB drive. I want to know if I can