Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
0
Helpful
2
Replies

dhcp relay issue on asa 5510

dfuchs2512
Level 1
Level 1

‎10-21-2005 02:55 AM - edited ‎02-21-2020 12:28 AM

Hello, I'm a newbie with the asa 5510 and I try to setup dhcp relay on this firewall.

I have the following configuration:

inside 10.0.0.1/255.0.0.0 security 100

outside xxx.yyy.zzz.uuu security 0

dmz 192.168.0.1/255.255.255.0 security 50

I have a DHCP Server running on the DMZ network. All clients on the inside network should receive an IP address from this server.

I enabled the dhcp relay function for the inside interface. And I put the server with the IP address 192.168.0.5 on the dmz interface in the server list.

So far I receive the dhcp discover on the dhcp server from the clients in the inside network. But I never get the dhcp offer on the client side. It seems the firewall is blocking alle the dhcp request messages.

It is necessary to put some rules on the interfaces inside and dmz to get the messages trough the firewall? I thought the dhcp relay will do all broadcast traffic without any rules.

Maybe someone can help me out with this and may give me an example how to put the rules to make the dhcp relay working for this kind of setup?

Thanks in advance.

Daniel

0 Helpful
2 Replies 2

nkhawaja
Cisco Employee
Cisco Employee

‎10-23-2005 03:52 PM

Hi,

i think you need to have NAT rules defined. Do you have some existing ACL rules on this ASA? may be they are conflicting with DHCP. Please get the syslog messages and see if they are being blocked etc.

thanks

Nadeem

0 Helpful

dfuchs2512
Level 1
Level 1
In response to nkhawaja

‎10-24-2005 12:17 AM

Hi Nedeem,

thanks for the reply. I was playing a little bit with my lab environment and found out there is actually no NAT rule necessary for the dhcp relay. It seem the problem I got here has something to do with the WindowsXP Client. Because my real lab environment contains the following parts.

I have a cable environment.

inside: cable modems which receive a IP Address from the DHCP Server in the dmz zone. behind the cable modem I have client PCs which also receive a IP Address from the dhcp server in the dmz zone.

dmz: dhcp server

As far as I recognized when using just a laptop on the inside interface instead of cable modem and PC behind that, the dhcp messages where not working correctly through the firewall.

Back at work I setup just some ACLs without any NAT and the DHCP Relay was working without any problem.

So I don't know exactly why my WINXP Laptop screwed up.

SHORT VERSION:

DHCP Relay on the ASA 5510 works fine for my cable environment so far, without any NAT. Just some ACLs for the UDP Broadcast Messages (DHCP and TFTP) are necessary.

Thanks anyway.

Daniel

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card