Cisco VPN :: 2951 Unable To Lease DHCP Address To Remote Clients
Feb 12, 2013
I'm facing a DHCP lease issue, and it's like this. Our Cisco 2951 edge router is configured with a local DHCP pool for a set of remote users when they connect through Cisco VPN, which was working fine until we planned to change it to a Windows box that is configured for DHCP. The basic idea now is to relay the DHCP requests that are coming from the remote clients through Cisco VPN to the DHCP Windows server. So we added the scope on the server and changed the client config on the router as follows (highlighted is the DHCP relay config). [code]
Is there a way on the security appliance SA520 to remove someone from the DHCP lease client manually rather than setting the DHCP lease time to expire in less time, like 4 hours or 2 hours? I was able to do this on other routers by highlighting the connected device and clicking remove. If not, any recommendations on how to handle the devices that are attached via DHCP when the person is no longer here but the lease time is not up? I have set DHCP lease time to 4 hours.
I'm setting up a Cisco Aironet 1141 (standalone mode, AP) to handle wireless traffic in the office. It gives out 2 mbssids, one of which authenticates domain users through a RADIUS server and places them in an appropriate VLAN (RADIUS options 64, 65, and 81). The other is a guest ssid that uses WPA-PSK and places users in the restricted guest VLAN. Physically, the AP is connected to a 3750 PoE Catalyst, to which RADIUS and DHCP servers are also connected. AP, SSIDs, RADIUS and EAP authentication all work. The configuration given below is a working configuration. People do get authenticated and do get placed in the appropriate VLAN. The problem is that, once authenticated, the "Obtaining IP Address" phase on the client hangs and most clients time out without getting an IP address. Given that the DHCP server is on the same switch and a test simple ASUS Wi-Fi IP gives out the same scenario (except the multiple VLAN) at the speed of light, I don't think that it's a problem with the network connections between clients and the DHCP server. After reading some topics here, I realized that probably other communication will be extremely slow as well, but haven't tested that for sure. Clients are all non-Cisco: smartphones, notebooks, etc. Most of them are 802.11G, not N.
My laptop is about nine years old, HP Pavilion Pentium 4. I run Windows XP Home Edition Version 2002 SP3. I use a broadband card from Verizon that I just put in my USB (no router, etc.). I'm getting a System Error Source DHCP Event ID 1002. When this happens, my computer, I believe, is going into sleep mode and I have to reboot the system. When I turn it back on and go back on the internet, all my websites that I was in are still there. The error says: The IP address lease 10.170.223.48 for the Network Card with Network address 2c3068c16ED1 has been denied by the DHCP Server 10.173.229.86 (The DHCP Server sent a DHCPNACK message) The DHCP Server Service did not extend the lease on your computer's IP address, so your computer temporarily lost its connection with the Network. I tried the ipconfig /release and ipconfig /renew. I tried going in services.msc and going under DHCP and keeping it automatic but stopping it. I called Verizon and I believe he refreshed my Network settings (I think I knew more about the topic than he did). He said it was my computer, whatever. I just tried the static IP but it didn't seem to take. I restarted and it jumped back to automatic. My last guess is it's something to do with the time frame of when it automatically obtains the address and when it expires. When I do the ipconfig /all it shows only a two hour time frame before it expires. Today I noticed that my computer shut down/went into sleep mode at the exact time the IP address was obtained. So, is there a way to increase this time between obtaining and expiring?
I would like to share one problem with WLC 5508. We added a new virtual interface on the WLC. One new SSID is associated with this interface.
We created an ACL for this interface to restrict the access via WIFI to certain services. It's not correct that everything works fine because the changes were not applied. [code]
The changes of the ACL are applied on the fly, but for a reason we don't know, the clients don't get a DHCP IP address (after changing the ACL) until the Controller is rebooted.
I've got a Cisco 1941 setup working fine for Cisco AnyConnect. Clients can connect to local resources fine. The issue I have is I need the remote clients to access a third party IP address, but to do so they must do it through the VPN. At the moment only local resources are accessed across the VPN, and if they need internet they use their own internet connection they are connecting with. I've added the below to make sure traffic going to the IP is going across the VPN.
We have configured the Remote IPSec VPN on a Cisco 1800 series router. The clients are able to log in to the VPN and access the local corporate network servers. But VPN clients are not able to communicate with other VPN clients using their VPN adapter IP.
Components used : CISCO VPN Client 5.7 Router 1800 Series
I have 19 locations, each with 1 or more LAP1142N APs in FlexConnect mode. APs are primed using CAPWAP to my 5508 WLC at the datacenter. The APs join the WLC without issue every time. I have two WLANs, one guest and one staff. The guest network is open and obtains DHCP from a WatchGuard XTM33 firewall at each of the remote locations. The staff side is WPA2/RADIUS and DHCP is assigned from the WLC. Each AP is assigned a static IP that is not in the DHCP scope. For example: DHCP scope on the branch firewall is 192.168.1.10-250, the AP will be assigned static IP of 192.168.1.1. The APs are connected to an HP ProCurve switch that has an untagged VLAN, the firewall is using the native VLAN 1 and so is the AP.
I have been running this network for over a year and it has not had a single issue until the last two weeks. Nothing on the network has changed or has been upgraded. The issue I am seeing is that clients are no longer able to connect to the AP and do not get DHCP assigned to them. I am able to get it working if I remove the static IP from the AP: the AP will reboot, join the controller, then begin working, users can connect and DHCP is assigned from the firewall as it should. However, if the AP then reboots, the AP will join back to the controller but no clients can connect nor do they get a DHCP address. So, I then reassign a static IP to the AP again and it reboots, connects to the controller and clients then can connect and get DHCP. I've found several posts on this topic, in fact the patch of unassigning or reassigning static IP is one that I found. I am also waiting on my SmartNet to start up and will be contacting Cisco support as well.
While trying to connect to WiFi at remote site APs, the connection is timing out. Users are getting the error 'Unable to connect to <WiFi-SSID>'. The APs at the corporate office are functioning properly and users are able to connect to the APs.
With our WLC 5500 controller, once the clients get the DHCP address the page is not redirecting them to the guest portal. What is the best way to check as to why the redirection is failing?
I have a DHCP server running on Windows 2003. Presently it's unable to provide an IP address for VPN clients who connect remotely. What should I do / reconfigure in DHCP so that the DHCP server provides an address for VPN clients?
delete a lease from a DHCP scope on a WLC 5508? I'm using that unit as the dhcp server, no relay. I am unable to find anything either through the web or cli.
I've been having this issue for about 3 months now, off and on, never seemed to be predictable but started happening more and more, which prompted me to look into it.
Currently, the DSL Modem is configured in bridge mode with the ASA handling PPPoE. The WAN address is being assigned via DHCP. The ASA is running 8.2(1). The WAN interface will drop its DHCP lease and will not renew it without power cycling the DSL modem. I did a little bit of googling and found mention of setting "dhcp-client client-id interface outside", specifically this was an issue pre 7.2(22), but doesn't seem to affect my situation. Originally, I had the MTU on the outside interface configured as 1500; changing it to 1492 has not resolved my issue either.
I've enabled PPPoE and DHCPC debugging and posted the results below when the event occurs. I'm thinking this is more so a PPPoE issue than it is a DHCP/DHCP Lease issue, as I am not seeing any debug messages from DHCPC.
I have several Cisco WAP4410N access points. They are configured to automatically obtain an IP address through DHCP. This works fine, but I've discovered when the DHCP lease expires, the access point doesn't renew it. It continues to use the same IP address but does not renew the lease. If I reboot the access point, it will renew the lease again. Is this a known issue with the WAP4410N? Is there any way to work around this, other than setting a static IP address or rebooting regularly?
I have a remote site on a 2811 IOS 12.4(15). Interface FA 0/0 faces the ISP and is set for DHCP. What command can I run to see all of the information given out with the IP lease from the ISP? I need to find out what the IP addresses of the DNS servers are.
I wanted to connect to the Internet but my laptop has this message: " Your IP address lease has expired. DHCP was unable to renew your lease." I cannot connect to the Internet. What should I do?
My RVS4000 is not renewing DHCP lease in Auto mode. Connection lost after 24 hours.
WAN Internet interface is physically connected to cable modem - Motorola SBV6120E. Set up as DHCP server. Cisco RVS4000 is obtaining DHCP public IP without any issue; the problem is that the connection drops every 24 hours and I need to release/renew DHCP each day to be able to communicate after 24 hours. After I lose connection I need to release DHCP, the WAN interface goes down and I need to renew DHCP then. I receive the same IP address and the connection is again up and working.
Tried to load new firmware and also set up the router with default configuration, but without any change. As there is no auto-reboot function, it is really annoying to log into the management interface each day. I also lose remote access after 24 hours, so I am not able to access the router from outside. My local provider does not support static public IP on WAN, therefore I have to use DHCP.
A couple days ago my BEFSR41 started making trouble, and so far I have not been able to get it working properly again. When I hook up my laptop directly to the cable modem everything works fine, and I get an IP address via DHCP. When I connect through the router, though, the router status shows 0.0.0.0 for all DNS, gateway, etc. addresses, and even pressing DHCP Release/Renew doesn't change that. Also, in the log I see these messages:
2012-08-08 20:30:41 warning DHCP RENEW WARNING - Field invalid in response
2012-08-08 08:30:52 notice TLV-11 - unrecognized OID
Since I can connect to the cable modem directly, it seems the cable modem is not at fault. My overall setup is:
- BEFCMU10 cable modem
- BEFSR41 (not sure which version, but I believe it's a 4.x)
- WAP54G
Could it be that my provider (Cox Communications) has changed some configuration in their DHCP server, and my laptop (MacBook Pro) can handle it, but the router cannot?
I can't seem to change my DHCP lease time even though I change my Client Lease Time to 1 day.
Firmware Version: v1.0.06 build 001 Apr 29 2011 11:08:40
Boot Code Version: v0.03
Firmware Verification:
Current Time: Sun, 25 Sep 2011 10:15:32 PM
Internet MAC Address:
Host Name:
Domain Name:
I just bought an e4200. I was using a LinkSys WRT54GS running DD-WRT alternative firmware.
One feature that I really liked in DD-WRT was the ability to assign static IP leases from the DHCP server. I liked having all of my devices running with a predictable, known IP address on my network. I have a Home Theater PC, and various controller applications that run on iPhones, etc. - some pretty homebrewed. Configuring the firewalls, etc. was much easier with IP address based controls.
Is there a way to achieve the same within the e4200's stock firmware?
I randomly lost Internet connection, and since have not been able to Renew an IP address! Other people in my household can connect just fine. I've tried numerous things to get my internet back, but continue to be unsuccessful in doing so.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Mike>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : miker
Primary Dns Suffix . . . . . . . :
I own a Nanostation5 Loco, and I have a router behind it. I would like to add a DHCP Lease to that router and do a port forward to the router. I cannot find the DHCP Lease option in Nanostation settings, but if I choose to see DHCP Leases in "Extra info" on the main page I can see some MAC and IP addresses there. When it comes to port forwarding, I fill the form slots with info, and when I press OK to save it a pop-up comes up saying "Please fill out this field", a field for another forward rule.
We finally got my Cisco refurbished E2500 configured and working downstream from a UVerse 3801HGV box. We had to change the default IP address of the 3801 because it conflicted with the E2500's default. The E2500 is set up to get its Internet IP address using DHCP from the 3801. This is working fine for normal web browsing, etc. However, anything that requires extended connections (downloads, streaming, etc.) freezes after a couple of minutes, forcing me to refresh the action to get it started again. Extremely annoying to say the least.
I'm pretty sure that I've tracked it down to the E2500's configuration of the 3801's DHCP allocation. For some reason, the E2500 wants to set the DHCP Lease Time for the 3801's assigned IP address to 10 minutes regardless of the upstream settings from the 3801. The 3801's default is 24 Hours, which I've changed to 168 Hours (7 days), but the E2500 stays stuck at 10 Minutes. Specifically, I'm referring to the setting displayed on the E2500 under Status>Router>Internet Connection IPV4>DHCP Lease Time.
On the BEFSR41 v1 series and WRT54G series, what is the maximum value for the DHCP "Client Lease Time (in minutes)"? It seems that 2^16 - 1 (65535) minutes is the max. This is about 45 days. Has the max value changed with newer versions of these devices?
I have a Linksys WRT310N v1 with firmware v1.0.10 build 002 Jul 19, 2010. My router fails to renew its DHCP lease from my cable provider, causing internet access to drop. I can still access my cable modem at 192.168.100.1, but I must do an "IP Address Release" then "IP Address Renew" to get back internet access. The router works fine otherwise.
I have a new SMC router and my local IP address and remote IP addresses are very similar. The remote IP address is updating my DNS server but I am unable to ping it. It's something like 122.61.xxx.1?
We have two ASA 5500 series Firewalls running 8.4(1). One in New York, another in Atlanta. They are configured identically for simple IPSecV1 remote access for clients. Authentication is performed by a Radius server local to each site.
There are multiple IPSec Site-to-Site tunnels on these ASAs as well, but those are not affected by the issues we're having. First, let me start with the famous last words, NOTHING WAS CHANGED.
All of a sudden, we were getting reports of remote users to the Atlanta ASA timing out when trying to bring up the tunnel. They would get prompted for their ID/Password, then nothing until it times out. Same users going to the NY ASA are fine. After extensive troubleshooting, here is what I've discovered. Remote clients will authenticate fine to the Atlanta Firewall ONLY IF THEY ARE USING A WIRED CONNECTION.
If they are using the wireless adapter for their client machine, they will get stuck trying to log in to Atlanta. These same clients will get into the New York ASA with no problems using wired or wireless connections. Windows 7 clients use the Shrewsoft VPN client and Mac clients use the Cisco VPN client. They BOTH BEHAVE the same way and fail to connect to the Atlanta ASA if they use their wireless adapter to initiate the connection.
Using myself as an example.
1. On my home Win 7 laptop using wireless, I can connect to the NY ASA with no issues.
2. The same credentials USED to work for Atlanta as well but have now stopped working. I get stuck until it times out.
3. I run a wire from my laptop to the FiOS router, then try again using the same credentials to Atlanta and I get RIGHT IN.
This makes absolutely no sense to me. Why would the far end of the cloud care if I have a wired or wireless network adapter? I should just be an IP address, right? Again, this is beyond my scope of knowledge. We've rebuilt and moved the Radius server to another host in Atlanta in our attempts to troubleshoot, to no avail. We've also rebooted the Atlanta Firewall and nothing changed.
We've tried all sorts of remote client combinations. Wireless Internet access points from different carriers (Clear, Verizon, Sprint) all exhibit the same behavior. Once I plug the laptops into a wired connection, BAM, they work connecting to Atlanta. The New York ASA is fine for wired and wireless connections. Same with some other remote office locations that we have.
Below I've detailed the syslog sequence on the Atlanta ASA for both a working wired remote connection and a failed wireless connection. At first we thought the AAA/Radius server was rejecting us, but it shows the same reject message for the working connection. Again, both Mac and Windows clients show the same sequence. Where the connection fails is the "IKE Phase 1" process.
----------------------------------------
WORKING CONNECTION
----------------------------------------
%ASA-6-713172: Automatic NAT Detection Status: Remote end is|is not behind a NAT device This end is|is not behind a NAT device NAT-Traversal auto-detected NAT.
%ASA-6-113004: AAA user aaa_type Successful: server = server_IP_address, User = user
%ASA-6-113005: AAA user authentication Rejected: reason = string: server = server_IP_address, User = user
I'm trying to change the DHCP Client Lease Time from 1440 minutes to 480 minutes. When I try to apply the new settings, I'm getting a message that says "Invalid Characters" and it won't stick. I've tried this in three different up-to-date browsers (IE10, Chrome and Firefox). Also, I'm connecting locally through LAN and I have the latest EA6500 Firmware: 2.1.39.145204
In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
SSID Name - guest
Interface - Management (VLAN 10 on Local and VLAN 20 on remote)
Mobility Group: Same configs at both ends
SSID Anchor: Anchor SSID on local and local SSID on Anchor.
AP: CAPWAP 3502
Management Subnet
[code]....
Is there anything missing in the wireless configs and/or the firewall rules, as I could not see the DHCP request back from the Anchor Controller? Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case, is the redirect URL configuration to be performed only on the Anchor Controller or is this to be replicated on both the Local and Anchor Controllers?
I've recently purchased 5 WAP610N access points to replace my older US Robotics access points. I've configured one WAP610N (upgraded to the latest firmware I found on the site) with a static IP, broadcasted SSID & WPA2 personal security. I had no problem at all connecting PCs, but when I tried to connect the iPad & iPhone (with the latest 4.3 firmware) I was able to connect to the network but unable to get an IP lease. I had no problem before connecting to the US Robotics access points. When I change (lower) the security to WEP on the WAP610N then everything works fine, but I want to use WPA2 instead of the insecure WEP protocol.
I just got a new RV042. V3 Hw. For setup and testing before putting it in action, I've attached the WAN1 side to my internal network. But it fails to get an IP address, and the log shows: "Infinite lease time, exiting". My current router on the LAN is giving out DHCP addresses with 3 hour lease time, and I've checked with the PCs on the LAN that this is correct. The router's DHCP status shows that the lease time for the RV042 is 3 hours ahead. So why does the RV042 complain about long lease time? Is there a way to avoid this error from occurring?
I have tried to change from 'Gateway' to 'Router', but this does not change anything. Also tried a factory reset, with no luck. Fw is upgraded to the latest 4.0.4.02