09-18-2008 07:30 PM - edited 03-11-2019 06:46 AM
Hello,
What are the exact ACL permit statements that I need to configure on my firewall if DHCP clients are residing on the inside network and the DHCP server is on the outside network, assuming that I have access-group statements applied on both the inside and outside interfaces in the inward direction?
09-19-2008 01:12 AM
In routed firewall mode, broadcast and multicast traffic is blocked even if you allow it in an access list, including unsupported dynamic routing protocols and DHCP (unless you configure DHCP relay). Transparent firewall mode can allow any IP traffic through.
1. If you are not using ASA/PIX in transparent mode, then you need to make ASA/PIX as DHCP Relay Agent
dhcprelay server x.x.x.x outside
dhcprelay enable inside
dhcprelay setroute inside
2. If you are using ASA/PIX in transparent mode then you need to basically allow UDP port 67 & 68
HTH..rate if helpful...
09-19-2008 02:15 AM
Take a look here (Routed Mode / DHCP Relay):
09-19-2008 01:02 AM
ASA must be in transparent mode for DHCP requests to pass through
Following is an example to achieve what you are looking for
(DHCP SERVER: 10.10.10.10) ----- OUTSIDE(ASA)INSIDE ---DHCP Clients
Apply this on outside interface (bootpc = port 67)
access-list 10 extended permit udp host 10.10.10.10 any eq bootpc
Apply this on Inside interface (bootps = port 68)
access-list 20 extended permit udp any any eq bootps
Thanks
Syed Iftekhar Ahmed
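An added example, not part of any reply in this thread: a small first-match evaluator that runs the two transparent-mode ACL lines quoted above against the four messages of a DHCP exchange, plus a reply from a second outside host. The packets and the address 10.10.10.99 are constructed for illustration, and the parser handles only this one ACE shape.

```python
# Added example: first-match evaluation of the two ACLs quoted in the post above.
PORTS = {"bootps": 67, "bootpc": 68}  # IANA: DHCP server port 67, client port 68

def parse_ace(line):
    """Parse 'access-list <id> extended permit udp <src> <dst> eq <service>'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2:5] != ["extended", "permit", "udp"]:
        raise ValueError("unsupported ACE: " + line)
    rest = tok[5:]
    addrs = []
    while len(addrs) < 2:              # source, then destination
        word = rest.pop(0)
        addrs.append(rest.pop(0) if word == "host" else word)
    if rest[0] != "eq":
        raise ValueError("expected 'eq <service>': " + line)
    return {"src": addrs[0], "dst": addrs[1], "dport": PORTS[rest[1]]}

def permitted(acl, pkt):
    """True if a permit ACE matches; otherwise the implicit deny applies."""
    for ace in acl:
        if (ace["src"] in ("any", pkt["src"])
                and ace["dst"] in ("any", pkt["dst"])
                and ace["dport"] == pkt["dport"]):
            return True
    return False

OUTSIDE_IN = [parse_ace(
    "access-list 10 extended permit udp host 10.10.10.10 any eq bootpc")]
INSIDE_IN = [parse_ace("access-list 20 extended permit udp any any eq bootps")]

BCAST = "255.255.255.255"
# Constructed packets: (message, ACL on the ingress interface, header fields)
FLOWS = [
    ("DISCOVER", INSIDE_IN, {"src": "0.0.0.0", "dst": BCAST, "dport": 67}),
    ("OFFER", OUTSIDE_IN, {"src": "10.10.10.10", "dst": BCAST, "dport": 68}),
    ("REQUEST", INSIDE_IN, {"src": "0.0.0.0", "dst": BCAST, "dport": 67}),
    ("ACK", OUTSIDE_IN, {"src": "10.10.10.10", "dst": BCAST, "dport": 68}),
    # Reply from a host other than the configured server (constructed address)
    ("OFFER from 10.10.10.99", OUTSIDE_IN,
     {"src": "10.10.10.99", "dst": BCAST, "dport": 68}),
]

def evaluate():
    return {name: permitted(acl, pkt) for name, acl, pkt in FLOWS}

if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:24} {'permit' if ok else 'deny'}")
```

Because the outside entry names the server with `host`, a DHCP reply arriving on the outside interface from any other source address falls through to the implicit deny.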