Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

NetExtender with DHCP

Hi,

Has anyone using SMA 500v (or equivalent SMA 100 series) managed to get DHCP to work for allocating IPs to NetExtender clients? I have not been able to get it working at all. the logs say "failed to get the client ip from dhcp" and the netextender client says the DHCP pool has been exhausted (which is not correct as there are about 100 IPs available).

I have found next to no information online about this function and Sonicwall support have not been helpful at all so far. We have been using static for ages which is fine but we have taken on a lot more users and is no longer a viable option for us.


Any tips or nuggets would be helpful. Thanks in advance.

Category: Secure Mobile Access Appliances
Reply

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @stevmorr I have this scenario running over here, no major trouble except (don't know if this is still a thing with 10.2.1.9):

    In the Clients / Settings I have configure to use DHCP for IPv and the Interface X0. The DHCP Server is located in the same subnet as X0.

    I'am using MobileConnect (iOS / macOS) for the most part but I can check with the latest NetExtender for you?

    --Michael@BWC

  • stevmorrstevmorr Newbie ✭

    hi,

    thanks for your response. Our DHCP server is also located on the same subnet as X0. After some back and forth it turns out the issue was at the ESXi virtual switch security level. sharing in case it is helpful for others. NetExtender generates a virtual MAC address which means that some systems may perceive this as a spoofing attack hence the changes.

    MAC Address changes must be set to Accept

    Forged Transmits must be set to Accept


    thanks

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @stevmorr this is interesting, I checked the settings of my vSwitch and all three security settings are set to reject. I can't recall that this setting was ever mentioned in the documention and I never changed it on any deployment (I did a few). But if it fixes your situation it must be related somehow for sure.

    --Michael@BWC

Sign In or Register to comment.