DHCP Relay/Client Using Different Subnets

Matt Wilson

Hi All, I have a query about DHCP relay between an ASA and a 1941. As per attached diagram, the LAN subnet is 10.1.1.0/24 and the link between the 1941 & the ASA is on subnet 10.1.5.0/24. The 1941 is the DHCP server whilst the ASA is the DHCP relay for the computers on the LAN subnet. My question is - is it possible for the 1941 to hand out 10.1.1.0/24 leases via the 10.1.5.0/24 link to clients on the LAN? I have done extensive research on this topic but have come up with nothing that comes close to answering my question. It would be easy to get the ASA to act as a DHCPD server but that is not what I'm after. Thanks in advance.

 

Matt.

1 Accepted Solution

amikat

Hi,

What you feel uncertain about is in actual fact the basic DHCP Relay functionality. Yes, it should work and the configuration is quite simple. Provided your ASA inside and outside interfaces IP addresses are 10.1.1.1 and 10.1.5.1 respectively and R1941 IP address towards ASA is 10.1.5.2 you just configure as per beneath.

R1941:

ip dhcp excluded-address 10.1.1.1
ip dhcp pool TEST
 network 10.1.1.0 255.255.255.0
 default-router 10.1.1.1
 dns-server 8.8.8.8
ip route 10.1.1.0 255.255.255.0 10.1.5.1

ASA:

dhcprelay server 10.1.5.2 outside
dhcprelay enable inside

Finally you just check that NAT and ACLs applied to the interfaces do not interfere with DHCP and you are done. Good Luck!

Best regards,

Antonin

 

 


Thanks amikat, I will give it a try. I have a similar setup but wasn't getting IPv4 addresses via DHCP relay. The 1941 is also DHCP server for two other directly connected subnets (10.1.2.0 & 10.1.3.0). I assumed that it would only provide 10.1.5.0 addresses on the link between it & the ASA and not to the LAN (10.1.1.0) on the inside of the ASA.

Amikat, I cannot seem to get this DHCP relay happening. My config on the ASA:

dhcprelay server 10.1.5.5 WAN
dhcprelay enable LAN
dhcprelay setroute LAN
dhcprelay timeout 60
dhcprelay information trust-all

Clients are on the LAN interface (10.1.1.0/24). The 1941 config:

ip dhcp excluded-address 10.1.1.1 10.1.1.99
!
ip dhcp pool 10
 import all
 network 10.1.1.0 255.255.255.0
 dns-server 192.231.203.132 192.231.203.3 
 default-router 10.1.1.1 
 domain-name 10.bde.lan
 option 42 ip 1.9.4.1 
 lease 0 8
!

Clients connected directly to the 1941 on VLAN10 can all obtain an IP address via DHCP. Clients connected to the ASA LAN interface cannot.

"Finally you just check that NAT and ACLs applied to the interfaces do not interfere with DHCP and you are done."

I have no ACLs applied to any interface apart from NAT:

object network dynnat.obj
 range 10.1.5.10 10.1.5.254
 description for_nat
!
object-group network inside_subnets.net.obj
 description for_nat
 network-object 10.1.1.0 255.255.255.0
!
nat (any,WAN) source dynamic inside_subnets.net.obj dynnat.obj
!

All clients are able to ping the internets when allocated static IP addresses. Am I missing something?

 

 

 

Hi,

Thanks for the feedback. Have you set the static route back to the ASA LAN at Router as indicated in my mail? Can you please post the "show ip dhcp binding" command output (R1941)?

Thanks & Regards,

Antonin

Thanks Amikat, I have wiped the ASA 5550's config as it was all over the shop and getting too complex. I have started again and when it is up & running I will post as you have requested.

Thanks for that. I set the static route as described and that seemed to fix it.
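
Both parts of the accepted answer (a 10.1.1.0/24 pool on the 1941 and a static route back to that subnet) follow from the giaddr field the relay writes into the forwarded request: per RFC 2131 the server chooses the subnet from giaddr and sends its reply to giaddr. The Python below is an added example, not code from the thread; the packet, pool table and route tables are constructed from the accepted answer's addressing, and all function names are hypothetical.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 2131); giaddr is the 11th field (index 10)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")

# Constructed from the accepted answer's addressing (assumptions, not device output)
POOLS = {"TEST": "10.1.1.0/24"}
ROUTES_BEFORE = [("10.1.5.0/24", "connected")]
ROUTES_AFTER = ROUTES_BEFORE + [("10.1.1.0/24", "10.1.5.1")]

def relayed_discover(giaddr, mac=bytes.fromhex("020000000001")):  # constructed sample
    return BOOTP.pack(1, 1, 6, 1, 0x1234ABCD, 0, 0x8000, bytes(4), bytes(4), bytes(4),
                      ipaddress.IPv4Address(giaddr).packed,
                      mac.ljust(16, b"\0"), bytes(64), bytes(128))

def giaddr_of(packet):
    return ipaddress.IPv4Address(BOOTP.unpack_from(packet)[10])

def select_pool(pools, giaddr):
    """The server matches giaddr against pool networks, not the arrival link."""
    for name, net in pools.items():
        if giaddr in ipaddress.ip_network(net):
            return name
    return None

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def diagnose(packet, pools, routes):
    giaddr = giaddr_of(packet)
    pool = select_pool(pools, giaddr)
    if pool is None:
        return f"no pool covers giaddr {giaddr}: no offer"
    hop = next_hop(routes, giaddr)
    if hop is None:
        return f"pool {pool} matches, but no route to giaddr {giaddr}: offer is lost"
    return f"pool {pool} matches, offer sent to {giaddr} via {hop}"

if __name__ == "__main__":
    pkt = relayed_discover("10.1.1.1")   # giaddr = ASA inside interface
    print(diagnose(pkt, POOLS, ROUTES_BEFORE))
    print(diagnose(pkt, POOLS, ROUTES_AFTER))
```
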