UDP Broadcast Traffic from Cisco ASA

Mubasher Sultan - 2x CCIE # 20149 (R&S | Sec) · ‎11-27-2011

Hi,

I want to know that, like Cisco IOS Router, Does Cisco ASA pass the UDP Broadcast traffic e.g., TFTP etc...?

Any thoughts ???

BR,

Mubasher Sultan

cadet alain · ‎11-28-2011

Hi,

if you mean is there a ip helper-address like command, the answer is no. It can only function as a DHCP relay with the commands:

dhcprelay server x.x.x.x "interface name"

dhcprelay enable "interface name"

Regards.

Alain

Don't forget to rate helpful posts.

Mubasher Sultan - 2x CCIE # 20149 (R&S | Sec) · ‎11-28-2011

Hi,

Thaxs for the reply...

then, what shud be the work around? My issue is that,

I have an pxe-client that is connected with Cisco ASA on one interface & DHCP server is on another. DHCP Server is supplying the TFTP Addresses. Moreover, TFTP Servers are also conected to Cisco ASA but on third interface. In this case, what could be the work around to pass the UDP broadcast for TFTP across the ASA?

Any thoughts...

BR,

Mubasher Sultan

cadet alain · ‎11-28-2011

Hi,

if the machine has got the tftp IP address then it will be unicast not broadcast. The only broadcast I see here is the BOOTPREQUEST from the PXE client.

Can you be more precise ?

Regards.

Alain

Don't forget to rate helpful posts.

josecalv · ‎11-28-2011

Hi Mubasher,

Unlike the router the ASA does not forward any kind of broadcast packet (with the exemption of the DHCP broadcasts when DHCP Relay is enabled).

I understand that your DHCP server is providing here the IP address for your TFTP servers. I guess you are using DHCP option 150.

So if the DHCP server is on one interface and the client is on another you can configure DHCP Relay on your ASA.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008075fcfb.shtml

In regards of the TFTP requests these will be normal unicast packets as Cadet said so just make sure that you have the proper ACLs and NAT rules for that.