Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
389
Views
0
Helpful
3
Replies

Cisco asa5505 question

tinhnho123
Level 2
Level 2

‎02-25-2013 10:00 AM - edited ‎03-11-2019 06:05 PM

   Hello,

I have a Cisco ASA5505 and windows DHCP server, how do I add this external server to ASA so my PC clients can get DHCP from this server?

Thanks.

Labels:
0 Helpful
3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

‎02-25-2013 10:08 AM

Hi,

If your Client PCs and the DHCP server are behind the same interface on the ASA then you wont have to do anything

If the Client PCs and the DHCP server are behind different interfaces on the ASA then you will have to configure DHCP relay.

Configuration format for DHCP relay should be the following

dhcprelay server

dhcprelay enable

In the above

  • The first command defines the DHCP server IP address and the interface "nameif" on the ASA where the DHCP server is located
  • The second command defines the interface behind which the Client PCs are located.

- Jouni

0 Helpful

tinhnho123
Level 2
Level 2
In response to Jouni Forss

‎02-26-2013 07:10 AM

Thanks for reply. I've setup follow your first method, clients PCs and DHCP server are behind the same interface on ASA.

My have couple concerns about static IP addresses. My current DHCP server IP address is 192.168.1.2 and my default gateway is 192.168.1.1, my DHCP scope is 192.168.1.1-192.168.1.254, my exclusion IP range is 192.168.1.1-192.168.1.10, if someone is trying to assign this ip 192.168.1.2 (DHCP server) statically on his laptop then I will have IP address confliction. Are there any way to prevent users to grap these exclusion IP addresses from ASA?

Thanks.

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to tinhnho123

‎02-26-2013 08:19 AM

Hi,

To be honest the basic users should be configuring any IP address they like on their computer without asking the person who manages the network.

Or you might simply have it so that the users dont have the rights/access to actually change the settings of the network adapter.

With regards to the ASA and the DHCP server I guess you could configure a static ARP entry on the ASA where the IP address is paired with the MAC of the DHCP server.

arp inside 192.168.1.2 xxxx.yyyy.zzzz

This really wouldnt prevent the user from configuring the said IP address but would probably prevent them from accessing anything beyond their own network. And it still might cause some problems with the traffic between 192.168.1.0/24 LAN hosts and the actual DHCP server if there was another host configured with the server IP

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card