12-18-2013 01:42 AM - edited 03-11-2019 08:19 PM
Hi team,
Need to enable DHCP relay on the firewall... DHCP server is in WTBB interface and auto IP assigning should happen on PCs behind ODC_LEG interface.
Please help me to configure the same.
Configuration file attached.
Regards / Ramesh M
12-18-2013 02:52 AM
You only need a small addition to your config:
asa(config)# dhcprelay server IP-OF-DHCP-SERVER WTBB
asa(config)# dhcprelay enable ODC_LEG
asa(config)# dhcprelay setroute ODC_LEG
More on the topic is found on the config-guide:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/dhcp.html#wp1041663
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-18-2013 05:52 AM
Hi,
Thanks for your reply.
I tried the same. It is not successful.
Because the WTBB segment will not accept the ODC_LEG segment directly. ODC_LEG is NAT with WTBB interface.
global (WTBB) 1 interface
nat (ODC-LEG) 1 access-list ODC-ACCESS-IN
Will it work with the scenario or not?
Please suggest.
Regards / Ramesh M
12-18-2013 06:12 AM
NAT is independent of DHCP-Relay.
Do the following debug and show what happens when a client requests an IP:
debug dhcprelay error 100
debug dhcprelay event 100
12-18-2013 08:37 PM
Hi,
Please let me know if we need to allow any ports. Is it bidirectional or unidirectional?
Regards / Ramesh M
12-18-2013 11:26 PM
No ports need to be opened. Have you run the debug to see what happens?
Sent from Cisco Technical Support iPad App
12-19-2013 01:08 AM
Hi,
Your DHCP server will pick the correct scope based on the giaddr, and this field will not be changed by NAT, so it should not pose any problem for allocation.
Can you either sniff on the DHCP server with Wireshark or do a capture on the ASA for the DHCP messages?
I see you have 2 capture ACLs for 10.101.150.112, is it the DHCP server?
Have you got logs on your server stating it is receiving a request?
Regards
Alain
Don't forget to rate helpful posts.
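The giaddr behaviour mentioned in the reply above, as an added example that is not part of the thread: it parses a relayed BOOTP request, models source NAT on the outer IP header, and shows that the server still selects the scope from giaddr and, per RFC 2131, addresses its reply to giaddr on UDP port 67. All addresses, scopes and function names are constructed for illustration.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 951 / RFC 2131): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)  # 236 bytes

# Constructed server scopes (documentation address ranges)
SCOPES = [ipaddress.ip_network("192.0.2.0/24"),
          ipaddress.ip_network("198.51.100.0/24")]


def build_relayed_discover(giaddr, mac):
    """Constructed sample: a BOOTREQUEST after the relay agent filled in giaddr."""
    return struct.pack(BOOTP_FMT, 1, 1, 6, 1, 0x12345678, 0, 0,
                       bytes(4), bytes(4), bytes(4),
                       ipaddress.IPv4Address(giaddr).packed,
                       mac, b"", b"")


def giaddr_of(payload):
    """Extract the relay agent address from the fixed BOOTP header."""
    fields = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    return ipaddress.IPv4Address(fields[10])


def source_nat(ip_src, payload, translated_src):
    """Model of source NAT: only the outer IP source changes, not the payload."""
    return translated_src, payload


def server_decision(payload, scopes):
    """Return (scope, reply_destination) for a relayed request."""
    gi = giaddr_of(payload)
    if int(gi) == 0:
        return None, None  # not relayed: server uses the receiving subnet
    scope = next((s for s in scopes if gi in s), None)
    return scope, (str(gi), 67)  # reply goes to giaddr, DHCP server port


if __name__ == "__main__":
    pkt = build_relayed_discover("192.0.2.1", bytes.fromhex("020000000001"))
    src, pkt = source_nat("192.0.2.1", pkt, "203.0.113.10")
    print("outer source after NAT:", src)
    print("scope, reply destination:", server_decision(pkt, SCOPES))
```

Because the reply is addressed to giaddr rather than to the translated source, a capture on the server-facing interface shows quickly whether the server's answer is routed back toward the relay.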
12-19-2013 04:45 AM
Hi,
I configured the same DHCP server in another ASA and it is working fine. I have created a bidirectional access list, from ODC segment to WTBB and vice versa. Without policy it's not working.
The DHCP server is located in low security level.
But here I can't create WTBB to ODC_LEG, because the ODC_LEG is NAT to WTBB interface.
I checked the ASA logs. ASA is receiving the DHCP request from the PC and forwarding it to the DHCP server.
I checked the routing parts in the network.
Regards / Ramesh M
12-19-2013 04:49 AM
Hi,
You don't need any policy for UDP return traffic, as it is inspected when leaving the higher level interface and going out the lower level one.
Can you perform a sniff on the DHCP server or capture traffic on the lower level interface to see if you get replies from the server?
Regards
Alain