cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
2216
Views
0
Helpful
2
Replies

DNS and DHCP on ASA

Hello,

I am implementing a new asa firewall that will act as both a dhcp server and dns resolution (forwarder?) for inside clients. There is NO internal DNS or DHCP server nor will there be, the ASA will do both of those functions. The dns server entries in my config below are the local clients ISP dns servers and one entry for google. dhcp dns is also configured as shown below.

Can someone please take a second pair of eyes on this and verify for me that this will/should work when the firewall is installed. All internal clients will need to receive dhcp ip addresses from the asa and when internal clients browse the internet they will need to use the ISP dns for that. No domain name for environment is configured since there is none for this client.

I'm not sure if some of the parameters should be "outside" instead of "inside". Thanks.

dns domain-lookup inside

dns server-group DefaultDNS
name-server 1.2.3.4 inside
name-server 5.6.7.8 inside
name-server 9.10.11.12 inside
name-server 8.8.8.8 inside

dhcpd dns 1.2.3.4
dhcpd auto_config outside
!
dhcpd address 192.168.10.50-192.168.10.150 inside
dhcpd dns 1.2.3.4 5.6.7.8 interface inside
dhcpd enable inside

2 Replies 2

The ASA can be the DHCP-server in your network, but not a DNS-server or forwarder. But that's not done in your config anyway ...

The first block of config is for name resolution that the ASA can do for itself. When there is no DNS-server inside, the interfaces have to be configured "outside".

The configured dhcp-server is not that consistent. With auto-config you can "push" the ISP-learned options to the clients, with that you don't need to specify them in the config. 

If you are using a newer ASA software then you also need to configure the option for the default-gateway.

Thanks. Which interfaces in the config I pasted need to be changed to "outside"? I I'm using code 9.6

Basically any help you can give me regarding what I pasted. I need to be 100% sure the config I have set for dhcp and dns will work and I'm still not convinced.

Review Cisco Networking for a $25 gift card