DHCP assignment on a different subnet against a Microsoft DHCP server

How to setup DHCP assignment on a different subnet, against a Microsoft DHCP server.

The VPN connection profile is configured for DHCP; but the IP addresses are not assigned, when users get connected (nc.windows.app.23791).

  • The Junos Pulse Secure Access Gateway (SA) is configured to provide VPN tunneling to users.
  • In the VPN connection profile, the IP addresses are defined to be provided via DHCP.
  • The DHCP scope is on a subnet, which is different than the SA appliance.
  • When performing a trace on the traffic, the DHCP server shows the request; but no response.
  • If the DHCP scope is configured for the same subnet as the SA appliance, an IP address is provided.

This is an expected behavior.
The Microsoft DHCP server does not allow an IP address to be assigned to a different subnet. To allow DHCP scopes to be assigned from the SA, a VLAN or virtual IP, which is on the same subnet, is used.
1.To add a new virtual port on the internal interface, go to System > Network > Internal Port > Virtual Ports:

dhcp-assignment-different-subnet-microsoft-dhcp-server
2.Select the VLAN/Source IP check box for the role:

dhcp-assignment-different-subnet-microsoft-dhcp-server
3.Select the new virtual port for the role:

dhcp-assignment-different-subnet-microsoft-dhcp-server
If you are using non-Microsoft servers, option 118 can be used. For more information, refer to KB22611 – How to assign IP addresses to NC clients from different DHCP scope other than IVE internal interface range using DHCP Option 118.

About the author

James Palmer

Leave a Comment