- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-18-2012 12:10 AM - edited 03-11-2019 04:20 PM
What is the difference between dhcp relay and dhcp proxy with respect to ASAs?
Thanks,
Kashish
Solved! Go to Solution.
- Labels:
-
NGFW Firewalls
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2012 03:19 AM
Hi Bro
DHCP relay listens to local broadcast messages from PC, and forwards these messages on another network towards the DHCP server. The DHCP server responds, and the replies is then forwarded back to the PC.
DHCP proxy is a fully-functional DHCP server and client built inside. The PC establishes IP leases from the DHCP server on one interface, and then keeps these addresses in a pool. On another interface, the server side of the implementation provides leases to other machines using that pool.
Cisco PIX/ASA Firewalls supports both method. In many of my previous implementations, the FW interface on which it behaves as a DHCP server has a dedicated, manually-configured address pool, and the only thing the proxy feature does is get configuration parameters from another upstream server e.g. equipment configuration, as shown below;
Router(config)#boot ?
bootstrap Bootstrap image file
config Configuration file
host Router-specific config file
network Network-wide config file
system System image file
P/S: If you think this comment was helpful, please do rate it nicely :-)
Ramraj Sivagnanam Sivajanam
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2012 03:19 AM
Hi Bro
DHCP relay listens to local broadcast messages from PC, and forwards these messages on another network towards the DHCP server. The DHCP server responds, and the replies is then forwarded back to the PC.
DHCP proxy is a fully-functional DHCP server and client built inside. The PC establishes IP leases from the DHCP server on one interface, and then keeps these addresses in a pool. On another interface, the server side of the implementation provides leases to other machines using that pool.
Cisco PIX/ASA Firewalls supports both method. In many of my previous implementations, the FW interface on which it behaves as a DHCP server has a dedicated, manually-configured address pool, and the only thing the proxy feature does is get configuration parameters from another upstream server e.g. equipment configuration, as shown below;
Router(config)#boot ?
bootstrap Bootstrap image file
config Configuration file
host Router-specific config file
network Network-wide config file
system System image file
P/S: If you think this comment was helpful, please do rate it nicely :-)
Ramraj Sivagnanam Sivajanam
