fwsm and dhcprelay agent

lb-netsvcs
Level 1

Folks,

I'm hoping to use dhcprelay agent to provide DHCP addresses to devices behind my FWSM. The DHCP server is on a network a hop away from the (outside) interface, while the network I want to provide DHCP service to is on an (inside) interface.

I can set a static address already on the (inside), and NAT is working using PAT on the global (outside) interface. The FWSM is in Router mode.

Anyone know of anything special here? Does the DHCP server have to be directly connected to the (outside)? The FWSM can ping my DHCP server just fine. Clients with static addresses on the (inside) can browse the web and do other things, as the acl is 'ip any any'.

Regards,

Craig K

Network Engineering Manager, CSU Long Beach

4 Replies

jackko
Level 7

I guess the DHCP server needs to be located directly on the outside subnet. You mentioned "The DHCP server is on a network a hop away from the (outside) interface". Just wondering if there is a router in between.

e.g. fwsm <--> outside subnet <--> router <--> dhcp server

The router will by default drop broadcast (i.e. the DHCP request), thus I guess you need to again run the DHCP agent on the router. Unfortunately, I don't think the agent will work with another agent again.

Yes, a router will by default drop a DHCP broadcast, but once it is passed as a broadcast on the (inside) interface to the dhcprelay agent running on the FWSM, the FWSM sends it via unicast to the DHCP server specified in the dhcpagent config. It works fine elsewhere using "helper-address". There should be no need to add another helper-address to the MSFC side of this FWSM connection...
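The relay behaviour described above (client broadcast on the inside, unicast from the relay to a server one hop away, reply addressed back to the relay's giaddr), as an added illustration that is not part of this thread or of any Cisco code. Interface and server addresses are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample values (assumptions, not taken from the thread)
INSIDE_IF_IP = "10.20.0.1"      # relay's inside interface; becomes giaddr
DHCP_SERVER_IP = "192.0.2.50"   # server one router hop beyond the outside interface
DHCP_SERVER_PORT = 67


def build_discover(xid: int, mac: bytes) -> bytes:
    """Minimal RFC 2131 DHCPDISCOVER as a client broadcasts it (giaddr = 0.0.0.0)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      1, 1, 6, 0,            # op=BOOTREQUEST, htype=Ethernet, hlen, hops
                      xid, 0, 0x8000,        # xid, secs, flags (broadcast bit)
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,  # ciaddr yiaddr siaddr giaddr
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    # magic cookie, option 53 (message type) = DISCOVER, end option
    return hdr + b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"


def relay_to_server(pkt: bytes, inside_ip: str, server_ip: str):
    """What a relay agent does with a request heard on its inside interface:
    fill giaddr with that interface's address (first hop only), bump hops,
    and hand back the rewritten packet plus the unicast destination."""
    if pkt[0] != 1:                       # only BOOTREQUEST is relayed this way
        raise ValueError("not a client request")
    hops = pkt[3] + 1
    giaddr = pkt[24:28]
    if giaddr == b"\0" * 4:               # an upstream relay may already have set it
        giaddr = IPv4Address(inside_ip).packed
    out = pkt[:3] + bytes([hops]) + pkt[4:24] + giaddr + pkt[28:]
    return out, (server_ip, DHCP_SERVER_PORT)


def reply_destination(reply: bytes):
    """Where the server sends its BOOTREPLY: unicast to giaddr:67 when giaddr is
    set, which is why the server only needs a route back to the relay address."""
    giaddr = IPv4Address(reply[24:28])
    return (str(giaddr), 67) if int(giaddr) else None


if __name__ == "__main__":
    disc = build_discover(0x1234, bytes.fromhex("001122334455"))
    relayed, dst = relay_to_server(disc, INSIDE_IF_IP, DHCP_SERVER_IP)
    print("relay forwards to", dst, "with giaddr", IPv4Address(relayed[24:28]))
    print("server answers to", reply_destination(b"\x02" + relayed[1:]))
```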

If the outside is a "shared" resource, you can forget about relaying anything DHCP... I've run into this before. Cisco's "workaround" was to place a DHCP server on each vlan behind the FWSM.

Yeah, that's pretty much what I found after a few more attempts and getting some packet captures involved.

Decided to go a different route and explore Transparent mode and multiple contexts... talk about expensive though :(