
DHCP Relay From ASA 5505 to Microsoft Azure hosted DHCP Server

Serphentis
Level 1

Hi There,


After managing to sort out my IPsec VPN tunnel to Azure, I am now stuck at another point which, for the life of me, I cannot figure out. Were it ASA-to-ASA, there is plenty of information on how this can possibly work; the problem is that the tunnel is with MS Azure.

The Goal: Allow clients on the internal network (10.1.1.0/24) to obtain IP addresses from a DHCP server in Azure (10.1.2.0/27).

The Sites:


Site 1 - Office:

Cisco 5505 ASA (behind a router 10.1.10.254, VPN ports 500 and 4500 forwarded to ASA)
Internal (inside interface) IP: 10.1.1.254
External (outside interface) IP: 10.1.10.136

Site 2 - Microsoft Azure:


DHCP server: 10.1.2.4

The Config:

There is a working IPsec site-to-site VPN between site 1 and site 2, and I have full control over the DHCP server from the on-prem network.


When I run:

dhcprelay server 10.1.2.4 outside
dhcprelay enable inside
dhcprelay timeout 60

access-list DHCP-Relay extended permit ip host 10.1.10.136 host 10.1.2.4

access-list DHCP-Relay extended permit ip host 10.1.1.254 host 10.1.2.4


I am still not able to obtain an IP Address.


Considering that the DHCP requests are leaving over the outside interface, I am assuming I need some extra rules, and I have no idea what they are.

Should there be a rule towards the Public IP Addresses?

Thank you in advance,
Niko
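
An added example, not part of the original post: a Python sketch that checks which DHCP relay flows fall inside a set of ASA `permit ip` entries when those entries act as IPsec traffic selectors. It assumes the relayed request is sourced from the outside address 10.1.10.136, that the server replies to a giaddr of 10.1.1.254, and that the tunnel ACL (`AZURE-VPN`, a hypothetical name) covers only the two subnets named in the post.

```python
import ipaddress

# ACL entries copied from the post.
PAGE_ACL = [
    "access-list DHCP-Relay extended permit ip host 10.1.10.136 host 10.1.2.4",
    "access-list DHCP-Relay extended permit ip host 10.1.1.254 host 10.1.2.4",
]
# Constructed for illustration: a tunnel ACL covering only the two subnets.
# The name AZURE-VPN is hypothetical and does not appear in the post.
ASSUMED_TUNNEL_ACL = [
    "access-list AZURE-VPN extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.224",
]
# Flows as (local address, remote address). Assumptions: the relayed request
# leaves with the outside IP as source; the server answers to giaddr, taken
# here to be the inside IP (RFC 2131 sends replies to giaddr).
FLOWS = {
    "relayed_request": ("10.1.10.136", "10.1.2.4"),
    "reply_to_giaddr": ("10.1.1.254", "10.1.2.4"),
}

def parse_acl(line):
    """Return (local_net, remote_net) from an ASA 'extended permit ip' entry."""
    tok = line.split()
    i = tok.index("permit") + 2          # skip 'permit' and the protocol
    nets = []
    for _ in range(2):                   # source spec, then destination spec
        if tok[i] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            i += 1
        elif tok[i] == "host":
            nets.append(ipaddress.ip_network(tok[i + 1] + "/32"))
            i += 2
        else:                            # 'address netmask' form
            nets.append(ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"))
            i += 2
    return nets[0], nets[1]

def selected(acl_lines, local, remote):
    """True if local<->remote is inside any entry (selectors apply both ways)."""
    l, r = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    return any(l in a and r in b for a, b in map(parse_acl, acl_lines))

def coverage(acl_lines):
    """Map each assumed relay flow to whether the entries cover it."""
    return {name: selected(acl_lines, *pair) for name, pair in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("subnet-only", ASSUMED_TUNNEL_ACL), ("post's ACL", PAGE_ACL)):
        print(label, coverage(acl))
```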
