12-19-2011 11:06 AM - edited 03-11-2019 03:03 PM
Hello All,
I am having an issue doing DHCP from the 6500, and was hoping someone can help. So, I tried to set up DHCP from the FWSM to the clients and this worked fine with giving out the IP; however, the gateway for devices on the inside is supposed to be the 6500, not the FWSM, which is why the clients wouldn't get out to the internet. Do I need to set up DHCP relay on the FWSM, or does anyone know a way I can set up DHCP on the 6500 to give out IPs to the clients? Again, just to reiterate, when I set up DHCP on the FWSM the clients get the IPs but do not get out to the internet, and when I set up DHCP on the 6500 the clients do not get an IP. Also, I know this is a DHCP issue because when I assign a static address on the network the clients get out fine. Thanks in advance for the help!
6500 Config
ip dhcp pool TEST
network 1.1.1.0 255.255.255.0
default-router 1.1.1.1
dns-server x.x.x.x y.y.y.y
FWSM Config
FWSM/TEST# show run
interface Vlan3
nameif outside9
bridge-group 1
security-level 0
!
interface Vlan203
nameif inside9
bridge-group 1
security-level 100
!
interface BVI1
ip address 1.1.1.4 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
access-list INSIDE1_IN extended permit ip any any
!
global (outside1) 1 x.x.x.x
nat (inside1) 1 1.1.1.0 255.255.255.0
access-group INSIDE1_IN in interface inside1
route outside1 0.0.0.0 0.0.0.0 1.1.1.1 1
FWSM/TEST#
12-19-2011 11:26 AM
Also, this is the error I get in the logs of the FWSM. The pool starts at 100.
Deny inbound udp src outside9:1.1.1.2/67 dst inside9:1.1.1.100/68
12-19-2011 11:57 AM
Hi,
Could you post your topology?
The DHCP reply from the server is blocked on the FWSM: Deny inbound udp src outside9:1.1.1.2/67 dst inside9:1.1.1.100/68
Regards.
Alain
12-19-2011 01:00 PM
Hello Alain,
Thanks for your quick response. I attached a diagram of the layout. Just to let you know, this is an FWSM with many virtual contexts, and most, including this one, are transparent. I understand that I need an access-list on both ends to specify so the FWSM opens it; I am just having an issue because the FWSM sees this as unusual traffic and the access-list needs to be on-point to work. Thank you for the response and I'll look forward to hearing back from you.
12-20-2011 07:08 AM
This question was in the Switching section, but I moved it into the Firewall section seeing as this is an access-list issue. Any help would be greatly appreciated, thank you!
12-20-2011 07:24 AM
Hi,
I've never implemented transparent firewall but I'll do some research and if I find out something I'll let you know.
Regards.
Alain.
12-20-2011 07:27 AM
Thank You Alain, I will look forward to hearing back from you.
12-22-2011 08:07 AM
Is there anyone that can provide some insight into this? I have tried multiple sequences of access-lists and nothing seems to work. I continue to get the same error in the logs. Thank you in advance!
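Added example, not part of the original thread and not any poster's code: a small parser for the "Deny inbound" message quoted above that recognises a blocked DHCP server reply (UDP 67 to 68) and emits a narrow permit entry for the interface the reply arrives on. The ACL name it generates (OUTSIDE9_IN) and the second sample log line are assumptions made for illustration.

```python
import re

# Shape of the deny line quoted in this thread:
# Deny inbound udp src outside9:1.1.1.2/67 dst inside9:1.1.1.100/68
DENY_RE = re.compile(
    r"Deny inbound (?P<proto>\w+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

def parse_deny(line):
    """Return the fields of a 'Deny inbound' message, or None if no match."""
    m = DENY_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["src_port"], d["dst_port"] = int(d["src_port"]), int(d["dst_port"])
    return d

def dhcp_reply_permit(line, acl_name=None):
    """For a denied DHCP server reply (udp 67 -> 68), return narrow ACL
    lines for the ingress interface; return None for any other traffic."""
    d = parse_deny(line)
    if not d or d["proto"] != "udp":
        return None
    if (d["src_port"], d["dst_port"]) != (67, 68):
        return None
    name = acl_name or d["src_if"].upper() + "_IN"  # hypothetical ACL name
    return [
        # Destination is 'any' because a server may also answer to
        # 255.255.255.255; the source stays pinned to the logged server.
        f"access-list {name} extended permit udp host {d['src_ip']} "
        f"eq bootps any eq bootpc",
        f"access-group {name} in interface {d['src_if']}",
    ]

SAMPLES = [
    # Line quoted in the thread
    "Deny inbound udp src outside9:1.1.1.2/67 dst inside9:1.1.1.100/68",
    # Constructed non-DHCP line, must not produce a permit entry
    "Deny inbound udp src outside9:1.1.1.2/53 dst inside9:1.1.1.100/40000",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", dhcp_reply_permit(s))
```

The client-to-server direction (UDP 68 to 67, sent as a broadcast) enters on the inside interface and needs to be permitted by the ACL applied there as well.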