04-20-2008 08:31 AM - edited 02-21-2020 01:59 AM
Hi,
I would like to know if the following scenario is possible or not.
There is an IPSec VPN between an ASA 5520 and another VPN device at a remote site. There is a central DHCP server in the INSIDE on the ASA. Now this ASA should release IP address to clients in the remote site located behind the VPN device at the other side. Is this possible?
DHCP uses broadcast and IPSec does not support broadcast or multicast. So is this scenario technically possible (using relay)?
Thanks and Regards
Sonu
04-25-2008 05:46 AM
An IPSec VPN tunnel only works with unicast traffic. It does not work with multicast or broadcast. But DHCP requires broadcast. The solution for this is GRE over IPSec. With a GRE IPSec tunnel, multicast and broadcast are converted to unicast. So you can use a GRE tunnel between your VPN devices.
07-23-2009 12:36 AM
09-09-2009 08:42 AM
The DHCP Offer is Layer 2. Since the ASA crypto ACL is all Layer 3, this won't work. You need an appliance that supports route-based VPNs.