Clients can't reach a DHCP server behind ASA

Good Day,

I have a Nexus 9K that acts as a core switch, and a DHCP server (Windows-based) is connected to it. Clients are able to reach the DHCP server and obtain an IP address.

My case is that we want to isolate some VLANs on an ASA. So we created interfaces on the FW in a Port-Channel setup, then the VLAN interfaces were deleted from the core switch (only the layer 2 VLANs are still on the core switch). Access lists for now are permit ip any any on all the interfaces on the FW.

Routes were added to the CS and the FW. Now the users are unable to obtain an IP address from the DHCP server when its gateway is on the FW.

Users that have their gateway on the CS or the FW are unable to obtain IP addresses.

I have also tried to debug DHCP packets on the FW, and there is no result shown.

Any idea?

3 Replies

You have to configure DHCP relay on the firewall. For that, you specify on which interface and IP the server is located, and on which interfaces the clients are whose DHCP should be relayed to the server.

I have already configured the DHCP relay on the FW as follows, with no luck:

dhcprelay server x.x.x.x DMZ
dhcprelay enable To-Core-SW
dhcprelay setroute To-Core-SW

Assuming the interface-names are what they are saying, you have to do it the other way round:

dhcprelay server x.x.x.x To-Core-SW
dhcprelay enable DMZ
dhcprelay setroute DMZ
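
One way to confirm which interface is the server side before applying the relay commands, as an added example that is not part of the original replies: the script derives the egress interface for the DHCP server from the connected subnets and static routes in an ASA-style config and flags `dhcprelay` lines that disagree with it. The addresses, Port-channel subinterfaces and static route are constructed for illustration; only the interface names DMZ and To-Core-SW come from the thread.

```python
import ipaddress

# Constructed sample config: addresses and Port-channel numbers are invented;
# only the nameif values DMZ and To-Core-SW come from the thread.
BASE = """\
interface Port-channel1.10
 nameif DMZ
 ip address 10.10.10.1 255.255.255.0
interface Port-channel1.20
 nameif To-Core-SW
 ip address 10.20.0.2 255.255.255.252
route To-Core-SW 10.50.0.0 255.255.255.0 10.20.0.1
"""
AS_POSTED = BASE + "dhcprelay server 10.50.0.10 DMZ\ndhcprelay enable To-Core-SW\n"
REVERSED = BASE + "dhcprelay server 10.50.0.10 To-Core-SW\ndhcprelay enable DMZ\n"

def routes(config):
    """Yield (network, nameif) for connected subnets and static routes."""
    nameif = None
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["interface"]:
            nameif = None  # new stanza: forget the previous interface name
        elif w[:1] == ["nameif"] and len(w) > 1:
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif and len(w) >= 4:
            yield ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False), nameif
        elif w[:1] == ["route"] and len(w) >= 5:
            yield ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False), w[1]

def egress_interface(config, ip):
    """Longest-prefix match: the nameif the firewall uses to reach ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for net, name in routes(config) if addr in net]
    return max(hits)[1] if hits else None

def check_dhcprelay(config):
    """Return findings where the relay roles disagree with the routing."""
    findings, server_side = [], set()
    lines = [line.split() for line in config.splitlines()]
    for w in lines:
        if w[:2] == ["dhcprelay", "server"] and len(w) >= 4:
            actual = egress_interface(config, w[2])
            server_side.add(actual)
            if actual != w[3]:
                findings.append(f"server {w[2]} set on {w[3]}, routed via {actual}")
    for w in lines:
        if w[:2] == ["dhcprelay", "enable"] and len(w) >= 3 and w[2] in server_side:
            findings.append(f"relay enabled on server-facing interface {w[2]}")
    return findings
```

`check_dhcprelay(AS_POSTED)` reports both lines of the first attempt, and `check_dhcprelay(REVERSED)` returns an empty list for the corrected order.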