Re: Multiple DHCP relay server configuration fmc

Nikhil.chaudhari · ‎02-17-2025

Want to add multiple DHCP relay server configuration on two different outbound vpn interface, while doing so it's not allowing to add the same. Can anyone suggest if want to add one DHCP relay server connects through redundant vpn interface over another site if feasible.

MHM Cisco World · ‎02-17-2025

Can you more elaborate

MHM

Nikhil.chaudhari · ‎02-19-2025

Hi, I have requirement of adding multiple DHCP Relay server on FTD Inside interface to forward request to HO server.

Branch to HO connectivity is IPSec with two tunnels in ECMP mode. If one the tunnel or DHCP server goes down user should be able to seamlessly connect to another DHCP server via next available IPSec tunnel.

IPSec failover has been tested and working as expected but unable to find any option to keep same DHCP server to be added as Relay server from both outbound interfaces through which its connected.

Need to understand whether this is possible in Cisco FTD? we have this settings already done in FortiGate and PaloAlto at other Branches and working as expected but unable to find any config in FTD for the same.

Sheraz.Salim · ‎02-19-2025

FTD supports a maximum of 10 DHCPv4 relay servers, with up to 4 per interface, but lacks automatic DHCP server failover across VPN tunnels. you might need to do some workaround.

please do not forget to rate.

MHM Cisco World · ‎02-19-2025

IPSec failover has been tested and working as expected but unable to find any option to keep same DHCP server to be added as Relay server from both outbound interfaces through which its connected. <<- the DHCP relay is add to interface Inbound not Outbound, i.e. the interface connect to host need to config with DHCP server relay not interface use for IPsec.
DHCP Relay Agent <<- here you specify interface connect to host
DHCP servers <<- here you can specify interface connect to server, in your case you can specify the WAN1 or WAN2

Screenshot (934).png

MHM

Nikhil.chaudhari · ‎02-19-2025

DHCP servers <<- here you can specify interface connect to server, in your case you can specify the WAN1 or WAN2 <<<<<----- This is the main problem we have to specify outgoing interface which we wont be able to add both interfaces as a failover part. Also we cannot have same entry twice from two different outbound interface. Seems to be limitation with FTD itself

MHM Cisco World · ‎02-19-2025

One DHCP server and two WAN'

Try use LO as interface' this LO can pass via WAN1 as primary and WAN2 as backup.

MHM

Aref Alsouqi · ‎02-19-2025

If you are trying to configure multiple DHCP relays on the same interface (inside) then I don't believe that is possible.

Aref Alsouqi · ‎02-19-2025

Where are you trying to configure the relay? I'm assuming you are trying to configure it on the branch firewall right? and I'm assuming the branch firewalls are in HA, and the HQ firewalls are also in HA right? if so why would you need to configure two relays? wouldn't configuring the DHCP relay on the inside interface of the branch firewalls be enough to achieve this task? in that case the DHCP traffic will be routed by the branch firewalls to the HQ regardless of which IPsec tunnel is being used, and if one of the IPsec tunnels should go down the DHCP traffic will still be able to make it via the active IPsec tunnel. am I missing something here?