Reset Search
 

 

Article

KB19210 - Network Connect clients DHCP lease duration.

« Go Back

Information

 
Last Modified Date10/29/2015 4:41 PM
Synopsis
This articles describes the behavior of Network Connect / Pulse Secure clients DHCP lease duration.
Problem or Goal
Example scenario:

Pulse Connect Secure (PCS) device is configured to get DHCP addresses from a backend DHCP server (LAN DHCP server) and assign the address to Network Connect (NC) users. The backend DHCP server has a scope created for the NC users with lease duration of 5 minutes.  When a NC client connects to the PCS and gets an IP address from this scope, the lease duration on client is set to 7 days.

A packet trace captured on the PCS device shows that the DHCP offer made by the DHCP server was indeed for 5 minutes, but the client still sees the lease duration for approx 7 days. 

Why is the lease duration not set the same as the duration set on the backend DHCP server?
 
Cause
Solution
This is the expected behavior.

It’s important to understand that the PCS device is not a DHCP relay agent (i.e., it does not forward DHCP packets to/from the client and the backend DHCP server). Instead, it acts as a DHCP proxy. In other words, the PCS device acts as a DHCP client when talking to the backend DHCP server.  As a result it reads the DHCP offer from the DHCP server, and then sends the DHCP request on behalf of the NC client.

During this process it determines the lease time offered by the DHCP server. The PCS device will then take care of renewing the lease when it is time for renewal.

For example, in the above scenario, you should see that the PCS device will send DHCP request packets to renew the lease at 50% of the lease duration or the Renewal time value set in the Offer Packet as per RFC.

Notes:
  1. PCS device does not send the server determined lease time to the NC client.
  2. The 7 day value that is leased on the client is an PCS determined value which cannot be changed.
  3. It is safe to ignore this value since the PCS takes care of all the DHCP related activities, including releasing the IP address when the lease time runs out.
If the PCS fails to renew the lease time, it reports the message in the user access logs on the PCS and disconnects the Network Connect Session.

Sample message:

Info ERR23565 : Username(Realm)[Role] - Network Connect: DHCP : Lease expired for user sida54e21ff0dbec57483e782d5f14ef323152d260700000000 IP xx.xx.xx.xx
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255