10-21-2005 02:55 AM - edited 02-21-2020 12:28 AM
Hello, I'm a newbie with the ASA 5510 and I am trying to set up DHCP relay on this firewall.
I have the following configuration:
inside 10.0.0.1/255.0.0.0 security 100
outside xxx.yyy.zzz.uuu security 0
dmz 192.168.0.1/255.255.255.0 security 50
I have a DHCP Server running on the DMZ network. All clients on the inside network should receive an IP address from this server.
I enabled the dhcp relay function for the inside interface. And I put the server with the IP address 192.168.0.5 on the dmz interface in the server list.
So far I receive the DHCP discover on the DHCP server from the clients in the inside network. But I never get the DHCP offer on the client side. It seems the firewall is blocking all the DHCP request messages.
Is it necessary to put some rules on the interfaces inside and dmz to get the messages through the firewall? I thought the DHCP relay would handle all broadcast traffic without any rules.
Maybe someone can help me out with this and give me an example of how to put the rules to get the DHCP relay working for this kind of setup?
Thanks in advance.
Daniel
10-23-2005 03:52 PM
Hi,
I think you need to have NAT rules defined. Do you have some existing ACL rules on this ASA? Maybe they are conflicting with DHCP. Please get the syslog messages and see if they are being blocked etc.
thanks
Nadeem
10-24-2005 12:17 AM
Hi Nadeem,
thanks for the reply. I was playing a little bit with my lab environment and found out there is actually no NAT rule necessary for the DHCP relay. It seems the problem I got here has something to do with the Windows XP client, because my real lab environment contains the following parts.
I have a cable environment.
inside: cable modems which receive an IP address from the DHCP server in the dmz zone. Behind the cable modem I have client PCs which also receive an IP address from the DHCP server in the dmz zone.
dmz: DHCP server
As far as I recognized, when using just a laptop on the inside interface instead of a cable modem and PC behind that, the DHCP messages were not working correctly through the firewall.
Back at work I set up just some ACLs without any NAT and the DHCP relay was working without any problem.
So I don't know exactly why my WinXP laptop screwed up.
SHORT VERSION:
DHCP relay on the ASA 5510 works fine for my cable environment so far, without any NAT. Just some ACLs for the UDP broadcast messages (DHCP and TFTP) are necessary.
Thanks anyway.
Daniel
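Added example, not part of any post in this thread: one way to do the syslog check suggested above is to filter the ASA's access-group deny messages (%ASA-4-106023) for the DHCP and TFTP ports the thread ends up permitting. The log lines and the ACL name "inside_in" are constructed for illustration; the addresses follow the addressing described in the first post.

```python
import re

# %ASA-4-106023 is the ASA syslog message for a packet denied by an access-group.
DENY_RE = re.compile(
    r'%ASA-4-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# UDP ports involved in DHCP relay and cable-modem provisioning.
RELAY_PORTS = {67: "bootps", 68: "bootpc", 69: "tftp"}

def find_relay_denies(lines):
    """Return one dict per denied UDP packet that touches a DHCP/TFTP port."""
    hits = []
    for line in lines:
        m = DENY_RE.search(line)
        if not m or m["proto"].lower() != "udp":
            continue
        src_port, dst_port = int(m["src_port"]), int(m["dst_port"])
        # Prefer the destination port when naming the service.
        port = dst_port if dst_port in RELAY_PORTS else src_port
        if port not in RELAY_PORTS:
            continue
        hits.append({
            "service": RELAY_PORTS[port],
            "src": f'{m["src_if"]}:{m["src_ip"]}',
            "dst": f'{m["dst_if"]}:{m["dst_ip"]}',
            "acl": m["acl"],  # the ACL that needs a permit entry
        })
    return hits

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = [
    'Oct 24 2005 09:12:01: %ASA-4-106023: Deny udp src inside:10.0.0.50/68 '
    'dst dmz:192.168.0.5/67 by access-group "inside_in" [0x0, 0x0]',
    'Oct 24 2005 09:12:03: %ASA-4-106023: Deny udp src inside:10.0.0.60/2070 '
    'dst dmz:192.168.0.5/69 by access-group "inside_in" [0x0, 0x0]',
    'Oct 24 2005 09:12:05: %ASA-4-106023: Deny tcp src inside:10.0.0.50/1034 '
    'dst dmz:192.168.0.5/80 by access-group "inside_in" [0x0, 0x0]',
    'Oct 24 2005 09:12:07: %ASA-6-302015: Built outbound UDP connection 41 for '
    'dmz:192.168.0.5/67 (192.168.0.5/67) to inside:10.0.0.1/67 (10.0.0.1/67)',
]

if __name__ == "__main__":
    for hit in find_relay_denies(SAMPLE_LOG):
        print(f'{hit["service"]:7} {hit["src"]} -> {hit["dst"]} denied by {hit["acl"]}')
```

Each hit names the interface pair and the ACL that dropped the packet, which is where a narrow permit for that UDP service would go.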