ASA DHCP relay via VPN

Hi guys,

I hope someone can help me here.

We have a configuration policy for our ASAs. On all of our firewalls, we configure 4 interfaces, inside, outside, dmz & wan. We always set up management access on the wan interface. Because we don't always have WAN access at all our sites, this interface is not always connected. At all of our sites, we configure access to our fully meshed VPN.

I am in the process of setting up a new site that does not have access to the WAN, so must use VPN access. The wan interface is thus disconnected. All the local subnets configured behind the inside, dmz & wan interfaces are part of the locally secured networks. All remote networks are configured correctly. I can ping & connect to the firewall over the VPN using the wan interface IP and manage the firewall using ASDM.

I now wish to set up DHCP relay to an offsite server connected over the VPN. I have tried setting the DHCP servers to be available via either the inside interface (not supported as the relay agent is enabled on this interface), the wan interface or the outside interface, but users are not receiving IP addresses and I am unable to ping from the firewall to the DHCP servers using either the inside or wan interface as the source. If I change the management interface to inside, I can then ping from the inside to the relevant servers.

Can anyone help me get DHCP relay set up using the wan interface as the source?

Cheers.

1 Reply

Jouni Forss
VIP Alumni

Hi,

I have not personally tried to configure this but reading your question reminded me about a Blog post on these very forums in the Firewall -> Blog section.

Maybe this has some information that might help you?

https://supportforums.cisco.com/community/netpro/security/firewall/blog/2011/01/07/asa-pix-dhcp-relay-through-vpn-tunnel

- Jouni
