Forum Discussion

_pre_
Jan 08, 2021

Relaying netboot/bootp/DHCP traffic for VPN user

Is there any way we could relay DHCP/bootp traffic for VPN users?


We have Macs with Parallels installed to run Windows 10. While the Mac is in the office we have the ability to re-image the VM via NetBoot, but with everyone working from home we have lost this ability.

5 Replies

  • Hello, can you give me more detail here? Would this not kill the VPN connection while the process is running (re-image)? Do you just need access to the client's VPN address given to it by APM?

  • _pre_

    Hi Dave, we are not re-imaging the host, but rather a VM inside of the host.

    The host has VPN configured and it is always connected when the device is not on-prem.

    We can reboot / re-image a VM inside of a host without affecting the host's uptime or network connectivity.

    Sorry for not making this clear.

    • Dave_W

      So with the client connected via VPN (APM Network Access) I would think so. Typically for accessing remote VPN connected clients you want to go into the APM Network Access configuration and disable SNAT. This means the source of the traffic over the VPN would now be one of the IPs assigned to the client via the Network Access Lease Pool.

      Keep in mind if this is a unique Lease Pool Address/Subnet (i.e. does not exist on your network) you would need to add routes on your network to send the traffic back to APM, or if Lease Pool Address/Subnet addresses already exist on your network you would need to enable Proxy ARP in the APM Network Access configuration.

      • _pre_

        Hi Dave,

        Thanks in advance!

        SNAT is disabled and Proxy ARP is enabled and I can connect to the client IP assigned by APM (see configuration below).

        The question is: can we relay broadcast traffic from the client to a specific IP outside the APM network?

        Just to be more specific:

        The virtual machine sends a DHCPDISCOVER message on the network using the destination address 255.255.255.255.

        How do we capture this broadcast message so that we can relay it to the appropriate server that lives on the other side of the tunnel?

        apm resource network-access vpn_profile {
            address-space-exclude-dns-name { }
            address-space-exclude-subnet { }
            address-space-include-subnet { }
            address-space-local-subnets-excluded true
            application-launch-warning false
            client-interface-speed 2147483648
            customization-group vpn_profile_resource_network_access_customization
            dns-enforce-search-order false
            dns-primary x.x.x.x
            dns-register-connection true
            dns-secondary x.x.x.x
            dns-suffix example.com
            leasepool-name vpn-ict
            microsoft-network-server true
            optimized-app { }
            preserve-source-port-strict all
            provide-client-cert false
            proxy-arp true
            snat none
            split-tunneling true
            supported-ip-version ipv4
            sync-with-active-directory true
        }
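What a DHCP relay agent does with that broadcast DHCPDISCOVER, written out as an added example (this is not code from the thread, from F5 APM or from the iApp mentioned below). The relay receives the client's broadcast on the tunnel side, stamps its own tunnel-side address into giaddr, increments hops, and unicasts the request to the DHCP server on UDP/67; the server answers to the giaddr address, and the relay hands the reply back to the client. The relay address 10.10.0.1, the offered address 10.10.0.50, the transaction ID and the MAC address are constructed test values, not anything from the poster's lease pool. The two checks a practitioner wants are included: a request whose hop count has reached 16 is dropped (RFC 1542 section 4.1.1, which breaks relay loops), and a reply whose giaddr is not this relay's address is rejected rather than forwarded.

```python
"""DHCPv4 relay-agent packet handling (RFC 2131 section 4, RFC 1542 section 4).

Added example for the thread above; not code from F5 APM or the DHCP iApp.
Assumed values: the relay's tunnel-side address is 10.10.0.1 and the DHCP
server offers 10.10.0.50. All packets below are constructed in this file.
"""
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
DHCPDISCOVER = 1
MAX_HOPS = 16            # RFC 1542 4.1.1: a relay discards requests at this hop count
FLAG_BROADCAST = 0x8000  # RFC 2131 4.1: client cannot receive unicast IP yet


def parse_options(data):
    """Parse the TLV options that follow the magic cookie; reject truncation."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def parse_bootp(pkt):
    """Decode the fixed 236-byte BOOTP header, the cookie and the DHCP options."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, hlen, hops = pkt[0], pkt[2], pkt[3]
    xid, secs, flags = struct.unpack("!IHH", pkt[4:12])
    ciaddr, yiaddr, siaddr, giaddr = (socket.inet_ntoa(pkt[o:o + 4]) for o in (12, 16, 20, 24))
    return {
        "op": op, "hops": hops, "xid": xid, "secs": secs, "flags": flags,
        "ciaddr": ciaddr, "yiaddr": yiaddr, "siaddr": siaddr, "giaddr": giaddr,
        "chaddr": pkt[28:28 + hlen],
        "options": parse_options(pkt[240:]),
    }


def build_discover(xid, mac):
    """Constructed DHCPDISCOVER, as a freshly booted client broadcasts it to 255.255.255.255."""
    hdr = struct.pack("!BBBBIHH", BOOTREQUEST, 1, 6, 0, xid, 0, FLAG_BROADCAST)
    hdr += b"\x00" * 16              # ciaddr, yiaddr, siaddr, giaddr are all zero
    hdr += mac + b"\x00" * 10        # chaddr padded to 16 bytes
    hdr += b"\x00" * 192             # sname (64) + file (128), unused
    return hdr + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER, OPT_END])


def relay_to_server(pkt, relay_ip):
    """Rewrite a client BOOTREQUEST so it can be unicast to the DHCP server on UDP/67."""
    p = parse_bootp(pkt)
    if p["op"] != BOOTREQUEST:
        raise ValueError("only client requests are relayed towards the server")
    if p["hops"] >= MAX_HOPS:
        raise ValueError("hop count exceeded, dropping to break a relay loop")
    out = bytearray(pkt)
    out[3] = p["hops"] + 1
    if p["giaddr"] == "0.0.0.0":     # only the first relay stamps giaddr; later hops keep it
        out[24:28] = socket.inet_aton(relay_ip)
    return bytes(out)


def relay_to_client(pkt, relay_ip):
    """Validate a server BOOTREPLY and return the client-side destination address."""
    p = parse_bootp(pkt)
    if p["op"] != BOOTREPLY:
        raise ValueError("only server replies are relayed towards the client")
    if p["giaddr"] != relay_ip:
        raise ValueError("reply is addressed to a different relay agent, not forwarding")
    if p["flags"] & FLAG_BROADCAST or p["yiaddr"] == "0.0.0.0":
        return "255.255.255.255"     # client has no address yet: broadcast on the client side
    return p["yiaddr"]               # otherwise unicast to the offered address (frame to chaddr)
```

A running relay would bind UDP/67 on the tunnel-side address with SO_BROADCAST set, feed each received datagram through relay_to_server and send the result to the DHCP server's address, and feed the server's datagrams through relay_to_client to pick the client-side destination. The giaddr check matters on the VPN side: without it, any host that can reach the relay's listening port could inject a BOOTREPLY that the relay would broadcast into the client network.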
  • Hi,

    There is an iApp that might solve your issue. It will create a Virtual Server for you that relays DHCP traffic from inside the tunnel to the DHCP server in your datacenter. I've implemented it twice so far and it worked well. However, I never tested it with VMs inside VMware or Parallels...


    Take a look at this DevCentral article: APM-DHCP Access Policy Example and Detailed Instructions

    Does it look like it could help?


    KR

    Daniel