DHCP Relay RV042 to RVS4000 VPN

Is this possible? I have a couple of thin clients at a remote location that I would like to connect to my local DHCP server.  The clients are connecting to the RVS4000 @ 192.168.20.1  .  The RVS4000 connects to the RV042 (192.168.10.1 with two WAN IPs) through the IPSEC VPN.  I have a DHCP server @ 192.168.10.239 with a scope for 192.168.10.x and 192.168.20.x.   Should this work?  Any special setting other than turning on the relay and setting the IP for the DHCP Server? Local DHCP clients are connecting fine, but not the remote clients.  I did see one request an address when I first turned it on, but it timed out on the other side. After that I haven't been able to get another request through.  Thanks for reading.

Larry,
I don't believe what your wanting to do will work. The reason is, when you have an ip address you have a specific default gateway and that gateway is your access off you local network.
If your default gateway is on another network and your on a remote local network you will not be able to get out.
Try doing a static ip address on the clients and see if that works.
If it does then you can leave them static, but i believe this will not work.

Similar Messages

  • ASA 5512-X - VPN & local clients DHCP relaying (DHCP Proxy vs. DHCP Relay conflict)

    Hey all,
    I have ASA-5512-X serving as general firewall/router. It also serves as AnyConnect SSL VPN gateway (webvpn).
    It has ~10 VLANs connected over 1 trunk port. One of the VLANs has DHCP server that shall serve all the VLANs (192.168.16.2).
    I'm trying to have the ASA relay DHCP requests from all VLANs to the DHCP server and to also serve VPN clients.
    However, according to bug https://tools.cisco.com/bugsearch/bug/CSCsd22469 both DHCP Proxy (webvpn) and DHCP Relay (local interfaces) can't be enabled at the same time.
    As VPN clients connect to the same VLANs as local users (eg. VLAN 2 - 192.168.2.0/24) I want to have the very same DHCP server serving both, otherwise it's gonna become a mess.
    Note: if I configure DHCP Relay functionality and disable DHCP Proxy - local clients are served fine. If I configure DHCP Proxy (webvpn) and disable DHCP Relay VPN clients are served fine. I therefore consider setup to be correct, just the ASA limitation won't allow me to make it serve both.
    Can DHCP Relay also serve VPN clients (no DHCP Proxy enabled)? did I miss something?
    Thanks!

    Hi,
    The only workaround for this issue is to configure the ASA itself to act as DHCP server for vpn clients. You also have the flexibility of using local pool and AAA server. Why exactly do you want to use the same DHCP server for both?
    AM

  • ASA Hub-and-spoke VPN dhcp-relay

    Hi!
    Have anyone implemented a solution with a hub-and-spoke IPSEC VPN (running ASA) with dhcp relay for the inside clients on the spoke. With the DHCP server on the hub site?
    Normal LAN-LAN IPSEC VPN is a bit cumbersome to configure something like below: 
    SPOKE
    <snip>
    access-list CRYPTO_ALLOWED extended permit ip INSIDE-NETWORKS any
    #ALL INTERNET ACCESS GOES THROUGH THE SPOKE SITE
    access-list CRYPTO_ALLOWED extended permit udp host OUTSIDE_IF_ADDR host HUB_DHCP_SERVER_ADDR eq bootps
    access-list CRYPTO_ALLOWED extended permit udp host OUTSIDE_IF_ADDR host HUB_DHCP_SERVER_ADDR eq bootpc
    nat (INSIDE,OUTSIDE) source static CRYPTO_ALLOWED CRYPTO_ALLOWED destination static OSKO-INTERNET OSKO-INTERNET route-lookup
    dhcprelay DHCP-SERVER outside
    dhcprelay enable INSIDE
    dhcprelay setroute INSIDE
    dhcprelay timeout 60
    HUB
    <snip>
    access-list CRYPTO_ALLOWED_TO_SPOKE extended permit ip 0.0.0.0 0.0.0.0 HUB_NETWORKS
    access-list CRYPTO_ALLOWED_TO_SPOKE extended permit udp host HUB_DHCP_SERVER_ADDR host SPOKE_OUTSIDE_ADDR eq 67
    access-list CRYPTO_ALLOWED_TO_SPOKE extended permit udp host HUB_DHCP_SERVER_ADDR host SPOKE_OUTSIDE_ADDR eq 68
    nat (INSIDE,OUTSIDE) source static ANY ANY destination static SPOKE_NETWORKS SPOKE_NETWORKS
    nat (INSIDE,OUTSIDE) source static HUB_DHCP_SERVER_ADDR HUB_DHCP_SERVER_ADDR destination static SPOKE_OUTSIDE_ADDR SPOKE_OUTSIDE_ADDR
    ### HUB INTERNET ACCESS ##
    nat (OUTSIDE,OUTSIDE) source dynamic SPOKE_NETWORKS interface
    I can't really apply this to a hub-and-spoke configuration.
    Any ideas?
    Regards
    Daniel

    Thanks. That's what I thought. I'm trying to configure this a my lab and having trouble though. Here's what I am trying to accomplish: HUB should communication with spoke1 and spoke2 via ipsec vpn using their own internal addresses HUB: 192.100.10.0/24, SPOKE1 10.142.0.0/24, SPOKE2 10.25.0.0/24) Communication between SPOKE1 and SPOKE2 should be nat'ed by the HUB so SPOKE2's addresses appear to be 172.16.128.0/24. SPOKE1's interesting traffic rule will allow the entire 172.16.128.0 255.255.128.0 subnet. Any new SPOKE's will use another subnet of that network. In my head I think I might need to let SPOKE2 NAT it's own traffic before it gets to HUB, but I'm dealing with multiple different devices as spokes so I want to handle everything on the HUB. Ideally the HUB would translate all traffic in both directions so both business partners and clients would only need one supernet in their interesting traffic rules.

  • DHCP Relay through another firewall

    Hello,
    I have set up two ISA Servers in my lab (learning environment).
    One faces the internet, the other one is in between the lan and the perimetral network.
    Sort of:
    LAN  <--- ISA2--->  DMZ  <---ISA1---> INTERNET.
    The thing is that the other office connects to ISA1 through a VPN-Site-to-Site, and it goes all fine except that ISA1 cannot take any ip from the dhcp server standing on the lan.
    I have read this: http://technet.microsoft.com/en-us/library/cc302680.aspx
    But in my lab, there are two isa servers , so I don't know how to send dhcp requests from isa1 to isa2 excepto for broadcast 255.255.255.255 , but the isa1 does not know how to forward that to the dhcp server in the lan.
    I am mixed up because I am not an expert and am learning now about this dhcp relay thing now.
    Thanks in advance!!
    Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

    Thanks a lot Keith.
    I was all wrong. The relation between perimeter and lan (in ISA2) is route. And as far as I have read, that is how it should be, when no external network is involved.
    I have a question, I feel doubtful about: When ISA1 takes the DHCP request, does he make a broadcast petition to 255.255.255.255 or a unicast request directly to dhcp-server machine ? , because the ISA1 machine is a DHCP relay so, when I configured it I
    was asked to write the ip of the dhcp server, then maybe it just knows where to send the dhcp requests from the client and does not perfom multicast 255.255.255.255 but unicast to the dhcp server ?
    EDITION: In the statistics of dhcp-server, there is no dhcp requests, so the traffic is not reaching it.
    I am still digging in. This is difficult for me.
    Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

  • Setting up a DHCP relay agent

    Hello,
    I'm trying to setup a relay agent for an XP client to obtain configuration through 2 routers on a VM LAB
    I have 3 Segments/subnets 1,2 and 3
    the topology is the following:
    1- server 2008 R2 AD DS DC on subnet 1 (192.168.1.0) and a DHCP server with 2 scopes
    Internal 192.168.1.0 (subnet1)
    external 192.168.3.0 (subnet 3)
    2- server 2008 R2 with RRAS installed
    Interface 1 pointing to the internal subnet1 192.168.1.0
    Interface 2 pointing to subnet2 192.168.2.0
    3- server 2003 with RRAS installed
    Interface 1 pointing to subnet2 192.168.2.0
    Interface 2 pointing to subnet3 192.168.3.0
    relay agent installed on Interface 2
    (servers/Routers 2 and 3 running RIP v2)
    4-  XP client on subnet3 (192.168.3.0) and the client trying to obtain config.
    The XP client is unable to contact the DHCP to obtain config.
    server 2003 relay agent receiving requests with no replies.
    How do i get this to work?

    Hi,
    First, let’s see how DHCP relay agent works:
    1. The DHCP client broadcasts a DHCPDISCOVER packet.
    2. The DHCP relay agent on the client’s subnet forwards the DHCPDISCOVER message to the DHCP server by using unicast.
    3. The DHCP server uses unicast to send a DHCPOFFER message to the DHCP relay agent.
    4. The DHCP relay agent broadcasts the DHCPOFFER packet to the DHCP client’s subnet.
    5. The DHCP client broadcasts a DHCPREQUEST packet.
    6. The DHCP relay agent on the client’s subnet forwards the DHCPREQUEST message to the DHCP server by using unicast.
    7. The DHCP server uses unicast to send a DHCPACK message to the DHCP relay agent.
    8. The DHCP relay agent broadcasts the DHCPACK to the DHCP client’s subnet.
    We can see in the second step, DHCP relay agent send unicast to DHCP server after receiving DHCP request. So confirm unicast communication between DHCP server
    and DHCP relay agent works fine. At least ping should be working. You can use the following commend to add the route entry.
    Add a static IP route
    http://technet.microsoft.com/en-us/library/cc757323(v=ws.10).aspx
    The result should be based on your test. If it doesn’t work it just indicates that we cannot configure another DHCP relay agent behind a relay agent.
    Hope this helps.

  • Unable to access LAN behind RV042 from QUICK VPN Client once it connects

    Hi,
    Very recently, we had implemented Site-to-Site VPN tunnel between two Linksys RV042 4-port VPN routers. Everybody in our remote site is accessing and sharing the data through this tunnel and it is working fine.
    Now, we have a plan to implement the same for our mobile clients also. For this, we had followed all the basic configuration procedures and user got connected to Quick VPN tunnel. Here is a problem we had observed. The mobile client user is connected to the tunnel, but unable to access the office LAN from the PC.
    What's the problem in configuration? What i have to do?
    Thanks
    VC Gundapaneni

    Hi There.
    have a look over here.
    http://www.linksysinfo.org/index.php?threads/netbios-issues-with-vpn.16170/

  • DHCP Relay forwarded to Secondary when Scope is not available in Primaray

    Two ip helper-addresses (let suppose DHCPServer1 and DHCPServer2) are defined on each of the branch router, and customer want to divide the load of DHCP request on two different DHCP Servers. The propose solution by customer is to disable some scope from one DHCP Server (DHCPServer1) and define the similar scope in second DHCP Server (DHCPServer2). Does the DHCP Relay request would be forwarded to secondary server (DHCPServer2), if the scope is disabled on first DHCP Server (DHCPServer1)?

    The DHCP request is forwarded to all the addresses defined with the ip helper-address command.
    So if you have 2 ip helper-addresses then the DHCP request is sent to both at the same time by the router. First one to respond is usually the one accepted by the client.
    Jon

  • DHCP Relay Cisco SG500X

    Hi, 
    I've create 2 vlan in a cisco SG500X-24 and a DHCP server on vlan 2. I just want to dhcp server assign ip to devices on vlan 3. I've configured the vlan and dhcp server relay commands.
    ip dhcp relay address 192.168.1.11
    ip dhcp relay enable
    ip dhcp information option
    interface vlan 2                                      
     ip address 192.168.1.250 255.255.255.0
    interface vlan 3
     ip address 192.168.51.254 255.255.255.0
     ip dhcp relay enable
    The dhcp server gets the request from pc, and sends a new address, but the offer packet not comes to device. With Wireshark a see like offer dhcp packet can't jump to vlan 3.
    It's the first time a work with SMB series, and this never happens with catalyst. I'm turning crazy.
    Anyone can help me? Thank you in advances.
    Victor.

    Hi,
    Yes, also I configured ip dhcp relay on intefaces.
    Yesterday I found the trouble. I was using the tftpd32 dhcp server, and I tested with a Windows DHCP server and everything works like a champ. I didn't know what have do, and i turned crazy, so I began to change every element on solution, finally the DHCP server that it was the key.
    Thank you so much for your answer.
    KR!

  • WRVS4400Nv2 DHCP Relay on 2nd VLAN

    Hi,
    Here's what I'm trying to figure out:
    My network is set up such that I have a Wireless Network in VLAN 1, which is the primary network that we use.  The subnet is 10.5.1.x.
    My goal is to set up a completely isolated Guest Wireless Network, however it would work best.  What I am trying to do now is I created a seperate VLAN (VLAN 2, IP range 10.5.2.x) and turned on DHCP on the WRVS4400N.  However, in the Guest Network, it is always picking up a 10.5.1.x IP which is handed out by the DHCP server (10.5.1.5, Win 2003) and still routing all of the traffic to/from our private network.
    Here's What I have set:
    Wireless>Security Settings>Guest Network (SSID 2)
    Wireless Isolation (between SSID w/o VLAN): Enabled
    Wireless Isolation (within SSID): Enabled
    Setup>LAN>VLAN 1
    Router IP 10.5.1.1, WLAN IP 10.5.1.3
    DHCP Relay for 10.5.1.5
    Setup>LAN>VLAN 2
    Router IP 10.5.2.1
    DHCP Enabled for 10.5.2.x subnet
    DHCP Relay option is grayed out (not sure why)
    Setup>Advanced Routing
    Inter-VLAN Routing: Disabled
    Any way to solve this would be fine.  I just do not want traffic routing through our internal network.  Ideally, if I could get the Windows server to hand out 10.5.2.x addresses, that would be perfect, but I'm not sure how to configure it for such. 
    If anyone has any ideas, that'd be great- thanks!
    Matt

    Yes...here's an answer I got from Cisco's Engineering support:
    The issue you reported is a know issue.
    Engineering and development are aware of this issue, and have provided  the following information:
    PROBLEM DESCRIPTION:
    If the WRVS4400N is configured with multiple VLANs, and these VLANs are  mapped to different SSID, the user cannot use an external DHCP server to  provide IP scopes for these VLANs.
    Hosts connected to both SSID will obtain IP address from native DHCP  server only.
    The workaround for this is to use the embedded DHCP server for all VLANs  defined on the WRVS4400N.
    Note: This is not considered a bug but rather a product limitation. The  developer has confirmed the WRVS4400N is functioning as designed.
    Regarding a fix:
    Due to wireless and trunk switch port using different chip set, it is  not possible to provide a fix for this issue.
    In future product, Engineering & Dev teams will strive to use the  same chip set (same vendor). 
    This functionality has been targeted for next new Product.  No fix will  be made on the current hardware. 
    Note: If this feature/function is mission critical to your deployment,  and you would like to recover the cost of the WRVS4400N, please forward  the serial number and a copy of the proof of purchase, and we will  gladly provide a refund.
    Best regards,
    Alex Delano

  • DHCP Relay using Brocade Switches

    Hi
    I have a large project with 3 UCM cluster with unity cluster and UCCX
    The network is a Brocade switch environement,
    The Core is using OSPF and distribution is Layer 2.
    I have configured the Cluster with a dedicated DHCP and TFTP service.
    DHCP relay is not working, but when i configure one of the phones with a static IP address it registers and I have full functionality
    When I connect my server dirrectly to the core which is not the design then the dhcp relay works and I get an IP address, but when i traverse the layer2 then i do not get an address.
    In the same topology I connected a Windows DHCP server on the same vlan as my UCM cluster and change the relay address to point to the windows dhcp the i do get an address.
    In an additional test i configured the same setup on cisco switches then the relay works great.
    If anyone has seen or knows of any bug regarding DHCP relay i would be greatful for info
    Thanks
    Lance

    Hi Experts,
    i forgot to mention that i was reading an interesting document on Cisco website "network virtualization design guide",  and they clearly mentioned the below:
    """VRF-awareness for DHCP-relay functionality is currently not supported on any Catalyst platform, but it is required only for supporting overlapping IP addresses"""
    So i would like to ask you if you have any workaround to be done in such deployments
    Thank you in advance
    Samer Labaky
    CCIE # 24675

  • NAC.OOB.L2.Real IP GW.dhcp-relay issue.

    Hello.
    I have CAM (manager) which is configured as L2 OOB real-ip gateway. central deployment.
    ethernet 0 (trusted) is L3. (ip add x.x.x.x)
    ethernet 1 (untrusted) is .1q and several authentication vlans (a,b,c,d) are connected to it.
    of cause managed subnets are configured for auth vlans on eth1.
    Manager is configured as dhcp-relay.
    Is it ok that manager changes dhcp packets to the dhcp server so that it's ethernet 0 ip address (x.x.x.x) becomes the source address of the requests to the dhcp server?
    how can dhcp server recognize auth vlan a from auth vlan b if all packets have the single source (x.x.x.x)???
    Where could be my mistake?
    Regards

    Hello varnavsky!
    You have to configure vlan mapping (at the CAM) for all authentication vlan! After the authentication and posture validation, the NAC client won't give a new IP address, so the client has to have an IP address from the proper access vlan. When you configure these vlan mappings CAS always acquire an IP address from the proper range.
    By(e) Miki

  • DHCP relay for SGE2010

    hi
    I have SGE2010 switch in layer 3 mode and im unable to assign IP addresses in second VLAN 2.
    My setup
    Port 1: TRUNK , VLAN 1 and VLAN 2 --> connected to Cisco 887 FE3 Trunk with  VLAn 1 and VLAN 2 and DHCP pool for VLAN2
    Port 2: TRUNK , VALN1 and WLAN2 --> Cisco Aironet 1040 LAN WIFI VLAN 1 and Guest WIFI VLAN2
    Port 3: Access , VLAN1 Windows DHCP server for VLAN 1 subnet
    My LAN WIFI clients can get IP from Windows DHCP server for VLAN 1
    My Guest WIFI clients on VLAN 2 cant get an IP from the Cisco 887 router on VLAN 2.
    I did try turning on DHCP relay etc but didnt make  any difference.
    Can anyone give me some pointers on wat im missing ?
    Thank you

    Hi, if the symptom is that when you assign an IP address to vlan 2 the switch "locks up" then the reason is because the vlan 1 did not have an IP address assigned by user.
    To fix that, you'd need to add an IP address for vlan 1 as you like then try to make an IP for the additional vlans.
    -Tom
    Please mark answered for helpful posts

  • 3000 series and Multiple DHCP scopes (DHCP-relay)

    I need to send different DHCP options to users; however, I need to put certain groups in different subnets. Is it possible to setup the concentrator to relay for addresses from different scopes?

    - Configuration
    - System
    - IP Routing
    - DHCP Relay
    a. Enable 'Enabled' checkbox
    b. Select Forward to
    c. Address == 192.168.10.8 255.255.255.0
    - Address Management
    - Assignment
    a. Enable 'Use DHCP'
    - User Management
    - Groups
    - Select 'groupA'
    - Modify Group
    - Click General tab
    - Enter 'DHCP Network Scope' x.x.x.x
    - Select 'groupA'
    - Remove Address Pool
    Now I get the following error:
    118 02/08/2005 13:29:00.720 SEV=3 DHCPDBG/39 RPT=34
    DHCP discover timeout: no response from polled servers (xid 3821297335)
    I can ping the server, and it is serving up this scope to other devices (just not from the concentrator)

  • PXE with IP Helpers/DHCP Relay

    I'm a Sysadmin and I have a question about what is best practice in regards to PXE servers. We are currently using DHCP Options for PXE clients (options 66,67). This works for most clients but is not the recommended method from either of the vendors we have used (Microsoft or Symantec). They recommend using IP Helpers / DHCP relay to forward the DHCP discover request to the PXE servers so that the PXE server is getting the actual request. This is more of an issue now with UEFI-based machines where the boot file would be different based on if the client is UEFI.
    My Network team is against using IP Helpers and thinks it can cause issues. This doesn't seem to make much sense to me, as from what I understand, all that happens is both the DHCP server and the PXE servers get the DHCP discover and respond with their relevant info. Can someone clarify what, if any, issues there are using multiple IP helpers/DHCP relay with PXE Servers like SCCM & Altiris? Is this not standard practice?

    It's very common to use DHCP relays (IP helpers) in order to centralize DHCP infrastructure. Larger organizations will frequently use this approach in order to avoid having to manually edit DHCP configurations at the router or switch level. Having a few servers with a central DHCP configuration for all segments is a good management proposition.
    In most environments, there isn't a problem with doing this, but it is a major architectural consideration and not something you just turn on without consideration. This is largely because DHCP works on a broadcast principle. The clients are going to broadcast for the first DHCP server that answers with an acceptable offer, which they will take. If you have a mixture of local DHCP servers and relays, the local servers will respond faster and may not provide the configuration you want to deploy... at best. At worst, you will have a mix of acceptable responses and a lot of potential for conflicting addresses. On any network segment where you're using DHCP relays, the local server needs to be disabled.
    It might be worthwhile going back to your network team and asking what sorts of "issues" that they feel the implementation of DHCP relays would cause. There may be something unique to your environment that makes them reluctant to pursue this approach.

  • RV042 with Windows VPN Server

    Hi!,
    how do I connect the RV042 with an Windows VPN Server,
    so that the PC's behind the RV042 get the external IP of the VPN and join the VPN-Server's Network.
    I did configure the Windows Server with this tutorial:
    http://blog.lan-tech.ca/2012/01/28/sbs-2011-essentials-configuring-vpn-access/
    I can connect from any device just fine, so the server is running properly. I just need to know how to connect the RV042 to this VPN.
    Kind Regards
    penpenpen

    Dear Customer,
    Thank you for reaching the Small Business Support Community.
    Please refer to the below document, I think it is what you are looking for;
    http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=2957
    Please do not  hesitate to reach me back if there is any further assistance I may help you with.
    Kind regards,
    Jeffrey Rodriguez S. .:|:.:|:.
    Cisco Customer Support Engineer
    *Please rate the Post so other will know when an answer has been found.

Maybe you are looking for

  • Apple Tv to apple TV

    With 2.3 update can you stream music from one apple tv to another apple tv. In other words would it be possible to play the same song on two apple tvs at the same time?

  • IPhone Not Recognizing Info Changes in iTunes

    Compared to the wave of other problems people seem to be having with the iOS 5, this is somewhat minor. Nonetheless, it's annoying: With certain music files when I edit info in iTunes (changing the artist name or capitalizing an album title, etc.) th

  • Trying to Uninstall Premiere Pro

    Hello, I recently purchaced adobe CC, and I just uninstalled all of my old CS6 products. I uninstalled everything, but in the Adobe CC app, I see this: (That "Adobe Premiere Pro CS6 Family" still shows up in my installed Adobe apps) What can I do to

  • Error adding new users from local server

    Hello, BPC Gurus, We use BPC 7.0 MS SP4, MS SQL 2008 (Server name - BPCP01) In Administration Console we're trying to add user from local server (server with SQL Database), and warning window is appeared with message "The Server Is Not Operational [B

  • IPhoto does not import rotated images from camera

    I plugged in my CF card to a reader and first looked at all my photos. Those that needed rotation I fixed with preview. Then when I opened iPhoto, it didn't recognize any of their file formats. Is there a good workaround?