I have a working tunnel using Junos Pulse and an IP address pool.
I want to use an external DHCP server instead (ISC dhcp-3.0.5 on Linux)
I created a pool on the server, and set option 118 per KB23329
The server then issues a DHCP offer of a pool address e.g. 192.168.79.254, which I can see at the internal cluster interface. But the client does not accept the offer, or does not see it.
what error do you see on the client?
is your network connect range at system>network>network connect (vpn network) set to accept that range?
what does your tcp dump show?
I don't see an error on the client - Junos Pulse just says "connecting"
This version has system>network>VPN Tunneling (Network Settings) not "network connect"
- IP filters to apply to VPN IP pools. The filter is "*".
This range works when generated by the IVE itself.
tcpdump on the IVE shows DHCP Discover from the internal interface of one cluster member to the DHCP server, and a DHCP Offer coming back
I did dhcp once and I had to add DHCP server.
system->network->network connect->network connect server IP address
@adaviel wrote:
I don't see an error on the client - Junos Pulse just says "connecting"
This version has system>network>VPN Tunneling (Network Settings) not "network connect"
- IP filters to apply to VPN IP pools. The filter is "*".
This range works when generated by the IVE itself.
tcpdump on the IVE shows DHCP Discover from the internal interface of one cluster member to the DHCP server, and a DHCP Offer coming back
ok, thank you.
what is the message on the DHCP server? what does your user access log show at the time of failure? does the TCP dump on the client on the Pulse adapter show success or failure? is the dhcp server and internal port of the cluster on the same subnet? if not, does that make a difference?
(sorry for the delay - long weekend, other tasks)
The DHCP server logs
DHCPDISCOVER from 55:4e:32:00:00:00 (mypc) via 192.168.x.y
DHCPOFFER on 192.168.79.254 to 55:4e:32:00:00:00 (mypc) via 192.168.x.y
192.168.x.y (sanitized) is the internal address of one MAG cluster member
192.168.79.254 (sanitized) is the client address allocated from the DHCP pool
I see the same DHCP packets (discover, offer) in tcpdump on the MAG
The MAG logs say
VPN Tunneling: IP address cannot be allocated to user xxx. Solution: Check IP Address Pools / DHCP server state.
I can't easily put the MAG and DHCP server on the same subnet; the MAG's internal and external interfaces are on two small VLANs on our router.
We have a similar setup with WiFi access points which works with dhcprelay
I just found something else to try relating to failover addresses on the DHCP server; more later if that works.
Solved.
We have two DHCP servers configured for active/inactive failover. The active one responds to a cluster address but replies come from the server's base address. Since I can SSH to the cluster address I had not realized this could be an issue.
I changed the configuration on the MAG to use the base address of both DHCP servers. It sends DHCP discover and request to both but gets offer and Ack from only the active one and uses that.
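The failure described in this thread (the offer arrives from the DHCP server's base address while the MAG was configured with the failover pair's cluster address) can be reproduced in miniature. What follows is an added example, not code from the thread, from ISC dhcpd or from Pulse/Juniper: it constructs a DHCPOFFER using the sanitized values from the logs above, parses the BOOTP header and option TLVs, and applies a check modelled on the behaviour the solution post describes, that an offer and its server identifier (option 54) must come from one of the DHCP server addresses the MAG is configured with. The 192.168.1.x server addresses and the 192.168.10.5 relay address are constructed placeholders, and the acceptance rule is an assumption about the MAG's behaviour, not its documented logic.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER = 2

# Constructed addresses (assumptions, not from the thread).
DHCP_CLUSTER_ADDR = IPv4Address("192.168.1.10")                     # failover pair's shared address
DHCP_BASE_ADDRS = {IPv4Address("192.168.1.11"), IPv4Address("192.168.1.12")}  # each server's own address


def build_offer(server, yiaddr, chaddr, giaddr, xid=0x3903F326):
    """Construct a minimal DHCPOFFER as a server would send it back to a relay agent."""
    server, yiaddr, giaddr = IPv4Address(server), IPv4Address(yiaddr), IPv4Address(giaddr)
    hdr = struct.pack("!BBBBIHH", 2, 1, len(chaddr), 0, xid, 0, 0)  # BOOTREPLY, Ethernet, hlen, hops, xid, secs, flags
    hdr += bytes(4)                                                 # ciaddr: client has no address yet
    hdr += yiaddr.packed + server.packed + giaddr.packed            # yiaddr, siaddr, giaddr
    hdr += chaddr.ljust(16, b"\x00")                                # chaddr is a 16-byte field
    hdr += bytes(64) + bytes(128)                                   # sname, file (unused here)
    opts = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
            + bytes([OPT_SERVER_ID, 4]) + server.packed
            + bytes([1, 4]) + IPv4Address("255.255.255.0").packed  # option 1: subnet mask
            + bytes([OPT_END]))
    return hdr + MAGIC_COOKIE + opts


def parse_dhcp(payload):
    """Parse the fixed BOOTP header and the TLV option area of a DHCP packet."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    options = {}
    i = 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": op,
        "xid": xid,
        "yiaddr": IPv4Address(payload[16:20]),   # address being offered
        "siaddr": IPv4Address(payload[20:24]),
        "giaddr": IPv4Address(payload[24:28]),   # relay agent (the MAG's internal interface)
        "chaddr": ":".join(f"{b:02x}" for b in payload[28:28 + hlen]),
        "msg_type": options.get(OPT_MSG_TYPE, b"\x00")[0],
        "server_id": IPv4Address(options[OPT_SERVER_ID]) if OPT_SERVER_ID in options else None,
        "options": options,
    }


def offer_acceptable(src_ip, offer, configured_servers):
    """Assumed relay-side rule: the offer must come from a configured DHCP server address."""
    src_ip = IPv4Address(src_ip)
    configured = {IPv4Address(a) for a in configured_servers}
    if offer["op"] != 2 or offer["msg_type"] != DHCPOFFER:
        return False, "not a DHCPOFFER"
    if src_ip not in configured or offer["server_id"] not in configured:
        return False, (f"offer from {src_ip} (server-id {offer['server_id']}) is not from a "
                       f"configured server {sorted(str(a) for a in configured)}")
    return True, f"accept {offer['yiaddr']} from {offer['server_id']}"


def demo():
    """Same offer, checked against the cluster address and then the base addresses."""
    active_base = IPv4Address("192.168.1.11")   # the active failover member replies from here
    offer = parse_dhcp(build_offer(active_base, "192.168.79.254",
                                   bytes.fromhex("554e32000000"), "192.168.10.5"))
    before = offer_acceptable(active_base, offer, {DHCP_CLUSTER_ADDR})   # original MAG config
    after = offer_acceptable(active_base, offer, DHCP_BASE_ADDRS)        # config after the fix
    return before, after


if __name__ == "__main__":
    for label, (ok, why) in zip(("cluster address configured", "base addresses configured"), demo()):
        print(f"{label}: {'ACCEPT' if ok else 'REJECT'} - {why}")
```

Running the script prints a REJECT for the cluster-address configuration and an ACCEPT for the base-address configuration, which is the same contrast as the tcpdump in the thread: the offer is on the wire in both cases, only the acceptance check differs.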
If you search the forum, I posted my bind config and SA config for using a pair of linux servers to serve separate network addresses to multiple roles and it's been working well for quite some time.
thank you for sharing