08-01-2012 03:21 AM - edited 03-11-2019 04:36 PM
Hi,
I'm trying to set up an ASA5510 to relay DHCP requests to our Windows 2008 r2 DHCP server.
The DHCP server is on the inside network at 10.0.0.3 and has a scope setup for 10.0.50.0/24, address pool 10.0.50.50 - 10.0.50.100
The clients are on vlan 2. These clients were working ok, able to access the internet etc when assigned an IP from the ASA's DHCP server (now disabled).
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/2.2
description Low access netowork for guest pcs allows internet access only
vlan 2
nameif VLAN2-GUESTS
security-level 1
ip address 10.0.50.1 255.255.255.0
!
Turning on DHCP debug logging, I can see that the DHCP requests are reaching the ASA and apparently being correctly relayed to 10.0.0.3
DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5.
DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5.
DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5. DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5.
DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5.
DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5.
However, the ASA doesn't get a reply and the logs on the DHCP server show no address being leased. The ASA can ping 10.0.0.3, I've tried disabling the Windows firewall on the DHCP server. The clients fail with a request timed out message. It seems that either the request isn't making it to the DHCP, or the DHCP server is ignoring it. Between the ASA and the DHCP server there is just a couple of switches, no routers. If I set the inside interface to receive it's IP by DHCP it sucessfully gets one from another scope on the DHCP server.
So, I'm puzzled why this isn't working, it should be a simple setup. Can anybody help??
Thanks,
Tim
08-01-2012 06:30 AM
Ok, I figured this out.
I was using my production DHCP server for testing. This didn't have the ASA set as it's default gateway as the ASA is not in production yet. It looks like the DHCP reply is addressed back to 10.0.40.1 - i.e. the DHCP server must have a route to it.
Adding a static route on my Windows DHCP server resolved the problem
route ADD 10.0.40.0 MASK 255.255.255.0 10.0.0.1
10-29-2015 12:00 PM
Hi
I am facing same problem from Dhcp please help us
10-31-2015 12:15 PM
Hi,
Please share the issue in detail and provide the dhcprelay configuration from ASA.
As mentioned, check if the default route is present on DHCP server pointing towards ASA interface.
- Try taking dhcp debugs on ASA and provide the output here.
Regards,
Akshay Rastogi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide