6500 DHCP ISSUE

John Apricena
Level 1

Hello All,

I am having an issue with DHCP from the 6500, and was hoping someone can help. So, I tried to set up DHCP from the FWSM to the clients and this worked fine with giving out the IP; however, the gateway for devices on the inside is supposed to be the 6500, not the FWSM, which is why the clients wouldn't get out to the internet. Do I need to set up DHCP relay on the FWSM, or does anyone know the way I can set up DHCP on the 6500 to give out IPs to the clients? Again, just to reiterate, when I set up DHCP on the FWSM the clients get the IPs but do not get out to the internet, and when I set up DHCP on the 6500 the clients do not get an IP. Also, I know this is a DHCP issue because when I assign a static address on the network the clients get out fine. Thanks in advance for the help!

6500 Config

ip dhcp pool TEST
   network 1.1.1.0 255.255.255.0
   default-router 1.1.1.1
   dns-server x.x.x.x y.y.y.y

FWSM Config

FWSM/TEST# show run
interface Vlan3
 nameif outside9
 bridge-group 1
 security-level 0
!
interface Vlan203
 nameif inside9
 bridge-group 1
 security-level 100
!
interface BVI1
 ip address 1.1.1.4 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
access-list INSIDE1_IN extended permit ip any any
!
global (outside1) 1 x.x.x.x
nat (inside1) 1 1.1.1.0 255.255.255.0
access-group INSIDE1_IN in interface inside1
route outside1 0.0.0.0 0.0.0.0 1.1.1.1 1
FWSM/TEST#

7 Replies

John Apricena
Level 1

Also, this is the error I get in the logs of the FWSM. The pool starts at 100.

Deny inbound udp src outside9:1.1.1.2/67 dst inside9:1.1.1.100/68

Hi,

could you post your topology.

The DHCP reply from the server is blocked on the FWSM : Deny inbound udp src outside9:1.1.1.2/67 dst inside9:1.1.1.100/68

Regards.

Alain

Don't forget to rate helpful posts.

Hello Alain,

Thanks for your quick response. I attached a diagram of the layout. Just to let you know, this is an FWSM with many virtual contexts, and most, including this one, are Transparent. I understand that I need an access-list on both ends to specify so the FWSM opens it; I am just having an issue because the FWSM sees this as unusual traffic and the access-list needs to be on-point to work. Thank you for the response and I'll look forward to hearing back from you.

This question was in the Switching section but I moved it into the Firewall section seeing as this is an access-list issue. Any help would be greatly appreciated thank you!

Hi,

I've never implemented transparent firewall but I'll do some research and if I find out something I'll let you know.

Regards.

Alain.

Don't forget to rate helpful posts.

Thank You Alain, I will look forward to hearing back from you.

Is there anyone that can provide some insight to this? I have tried multiple sequences of access-lists and nothing seems to work. I continue to get the same error in the logs. Thank You in advance!
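Added example, not part of any post in this thread: a small Python triage script that reads FWSM deny lines in the format quoted above and reports which DHCP leg is being dropped and on which interface it entered. Only the first sample line comes from the thread; the other log lines, the function names and the reading of the `src` interface as the ingress interface are assumptions made for illustration.

```python
import re
from collections import Counter

# Deny format as quoted in the thread:
#   Deny inbound udp src <ifc>:<ip>/<port> dst <ifc>:<ip>/<port>
DENY_RE = re.compile(
    r"Deny inbound (?P<proto>\w+) "
    r"src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)/(?P<dport>\d+)"
)

# (source port, destination port) -> DHCP leg; 67 = bootps, 68 = bootpc
DHCP_LEGS = {
    (68, 67): "client->server",
    (67, 68): "server->client",
    (67, 67): "relay<->server",
}

def classify(line):
    """Return details of a denied DHCP packet, or None for any other line."""
    m = DENY_RE.search(line)
    if not m or m["proto"].lower() != "udp":
        return None
    leg = DHCP_LEGS.get((int(m["sport"]), int(m["dport"])))
    if leg is None:
        return None
    # Assumption: the interface named after "src" is where the packet arrived.
    return {"leg": leg, "ingress": m["sif"], "egress": m["dif"],
            "src": m["sip"], "dst": m["dip"]}

def summarize(lines):
    """Count denied DHCP packets per (ingress interface, leg)."""
    counts = Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            counts[(hit["ingress"], hit["leg"])] += 1
    return dict(counts)

# First line is the one quoted in the thread; the rest are constructed.
SAMPLE_LOG = [
    "Deny inbound udp src outside9:1.1.1.2/67 dst inside9:1.1.1.100/68",
    "Deny inbound udp src outside9:1.1.1.2/67 dst inside9:1.1.1.101/68",
    "Deny inbound udp src inside9:0.0.0.0/68 dst outside9:255.255.255.255/67",
    "Deny inbound udp src outside9:1.1.1.9/53 dst inside9:1.1.1.100/40000",
    "Deny inbound tcp src outside9:1.1.1.9/67 dst inside9:1.1.1.100/68",
]

if __name__ == "__main__":
    for (ifc, leg), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n} denied DHCP {leg} packet(s) entering on {ifc}")
```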
