10-06-2004 12:35 PM - edited 03-09-2019 09:00 AM
I am having problems with DHCP traffic through the FWSM. I have a DHCP server on the router (6509) itself. I see the DHCP discover go out from a machine via Ethereal. However, I do not see it at the router. I have used "debug ip dhcp packet" at the 6509 and am using logging on the FWSM. I don't see the traffic. I am also having problems using the debug commands on the FWSM. The FWSM tells me that the debug commands are not available in this mode. I have tried using them in the system, admin, and non-admin contexts. The only documentation that I can find on this says that the firewall will pass the traffic as long as you don't enable the local DHCP server, and you have to specify that the traffic is allowed on both interfaces. I have made sure of all of this.
10-06-2004 12:53 PM
Do you have an ACL configured to allow the DHCP traffic? You have to specifically permit all traffic.
10-06-2004 01:00 PM
The rules that I am using are the following, which I believe should allow all DHCP traffic to pass the firewall.
object-group network ToInternet
network-object Vlan157 255.255.255.128
object-group service DHCP udp
port-object eq bootpc
port-object eq bootps
access-list outside_access_in extended permit icmp any Vlan157 255.255.255.128 log interval 10
access-list outside_access_in extended permit udp any Vlan157 255.255.255.128 object-group DHCP log interval 1
access-list outside_access_in extended permit eigrp any Vlan157 255.255.255.128
access-list inside_access_in extended permit udp Vlan157 255.255.255.128 any object-group DHCP log interval 1
access-list inside_access_in extended permit ip Vlan157 255.255.255.128 any log interval 10
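One check worth running against the posted rules is to evaluate them the way the FWSM does (first match wins, implicit deny at the end) against the actual addresses a DHCP exchange uses. This is an added example, not from either poster; it assumes the "Vlan157" name resolves to 10.157.0.0/25 (mask 255.255.255.128) and that a fresh DHCPDISCOVER is sourced from 0.0.0.0 to 255.255.255.255 as RFC 2131 specifies.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption: the "Vlan157" name on the FWSM resolves to this /25 (mask 255.255.255.128).
VLAN157 = ipaddress.ip_network("10.157.0.0/25")
ANY = ipaddress.ip_network("0.0.0.0/0")
BOOTPS, BOOTPC = 67, 68
DHCP_PORTS = frozenset({BOOTPS, BOOTPC})   # object-group service DHCP udp


@dataclass(frozen=True)
class Rule:
    proto: str                      # "ip" matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dports: Optional[frozenset] = None   # None = any destination port


# The inside_access_in entries from the post, in order.
INSIDE_ACCESS_IN = [
    Rule("udp", VLAN157, ANY, DHCP_PORTS),   # permit udp Vlan157 ... any object-group DHCP
    Rule("ip", VLAN157, ANY),                # permit ip Vlan157 ... any
]


def permitted(acl, proto, src_ip, dst_ip, dport=None):
    """Return the index of the first matching rule, or None for the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, rule in enumerate(acl):
        if rule.proto not in ("ip", proto):
            continue
        if src not in rule.src or dst not in rule.dst:
            continue
        if rule.dports is not None and dport not in rule.dports:
            continue
        return i
    return None


def discover_matches():
    # DHCPDISCOVER from a client with no lease yet: 0.0.0.0:68 -> 255.255.255.255:67.
    return permitted(INSIDE_ACCESS_IN, "udp", "0.0.0.0", "255.255.255.255", BOOTPS)


def renew_matches():
    # Unicast DHCPREQUEST (renew) from a client that already holds a 10.157.0.0/25 address.
    return permitted(INSIDE_ACCESS_IN, "udp", "10.157.0.10", "10.157.0.1", BOOTPS)
```

The discover never matches a rule whose source is restricted to the Vlan157 subnet, because its source is 0.0.0.0, so the implicit deny applies and nothing is logged for it; only a client that already has an address in the subnet hits the first rule.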
10-07-2004 08:31 AM
You might try allowing "any any" for a brief test, just to see if this is the problem.