topic I have the same problem, and in Network Security

ASA + DHCP Server behind NAT

michelcaissie — Mon, 11 Mar 2019 12:52:47 GMT

Hi all,

Is there a fixup in ASA that allows to run a DHCP server inside a NATed ASA.

Here is the scenario;

-Windows DHCP server on the inside

-DHCP client on the oustide

-The DHCP server is translated on the outside

-ip helper-address pointing to the translated IP address of the server

What we observe is the following;

When the DHCP broadcast occurs , the DHCP request is forwarded to the helper address and

the server leases an IP address . In the offer the server also includes it's own (real) IP

address.

Now the clients have an IP , but when it tries to renew, it makes a unicast DHCP call

(udp 67) to the server using the real IP of the server , so the renew fails.

So i would like to know if there is a fixup in the ASA , that would change the DHCP server

IP address for it's translated value in the DHCP offer.

In other words, is there an equivalent of the dns reply modification , but for DHCP.

something like;

static (inside,outside) 209.165.201.10 10.1.3.14 netmask 255.255.255.255 dhcp

thanks

Re: ASA + DHCP Server behind NAT

owillins — Thu, 05 Jun 2008 21:22:50 GMT

Have a look at this this Cisco ASA 5500 Series Adaptive Security Appliances Configuration guide. For your setups.

http://cisco.com/en/US/products/ps6120/tsd_products_support_configure.html

I have the same problem, and

simon — Tue, 30 Dec 2014 10:48:10 GMT

I have the same problem, and I agree that a "fixup" option in the ASA would be useful.

However, I found that one solution was to use a special DHCP option 54 (Server Identifier) for the particular DHCP scope. This allows the server to masquerade behind the WAN address, and thus enables the DHCP client to communicate with the DHCP server via unicast.

Hope this helps someone other than me.