<![CDATA[DHCP for IPSEC Clients]]>Hi, i have a tiny problem with my cisco vpn client.

When I try to connect to my pfsense box, no ip address are given to my client.

When i see my logs i have something like that :

So maybe if i make a rule to have dhcp on ipsec it will work.

How can I do that ?

]]>https://forum.netgate.com/topic/8740/dhcp-for-ipsec-clientsRSS for NodeWed, 17 Jun 2026 04:06:56 GMTMon, 05 May 2008 09:58:59 GMT60<![CDATA[Reply to DHCP for IPSEC Clients on Tue, 06 May 2008 19:29:55 GMT]]>Your Cisco client needs to specify a local subnet for his end of the tunnel (from the pfSense point of view this is the remote subnet behind the tunnel). As this is a single client ist should be a /32. I don't know the cisco client so I can't tell you how to set it up.

]]>https://forum.netgate.com/post/173091https://forum.netgate.com/post/173091Tue, 06 May 2008 19:29:55 GMT<![CDATA[Reply to DHCP for IPSEC Clients on Tue, 06 May 2008 08:10:25 GMT]]>my remote subnet ?

Can you advice me about my setting :

10.56.146.0/23 –--- internet ---modem with PfSenseon DMZ 128.162.49.0/24 ----- LAN : 192.168.1.0/24

So my remote subnet it the first : 10.56.146.0/23 ?

]]>https://forum.netgate.com/post/173031https://forum.netgate.com/post/173031Tue, 06 May 2008 08:10:25 GMT<![CDATA[Reply to DHCP for IPSEC Clients on Mon, 05 May 2008 19:52:14 GMT]]>You don't do DHCP for IPSEC-Clients. The client has to specify the local subnet for mobile clients. You probably think the "unknown gateway/dynamic" is a bug but it just tells you that the endpoint that this log message is about is a mobile client and not a statically configured tunnel.

Your mainproblem is that you don't have proper authentication settings and from what it looks like don't have an appropriate remote subnet set in the client either.

]]>https://forum.netgate.com/post/172988https://forum.netgate.com/post/172988Mon, 05 May 2008 19:52:14 GMT