FWSM Transparent Mode and DHCP

andy · ‎10-06-2004

I am having problems with DHCP traffic through the FWSM. I have a DHCP Server on the router,6509, itself. I see the DHCP discover go out from a machine via ethereal. However, I do not see it at the router. I have used, debug ip dhcp packet at the 6509 and am using logging on the FWSM. I don't see the traffic. I am also having problems using the debug commands on the FWSM. The FWSM tells me that the debug commands are not available in this mode. I have tried using them in system, admin, and non-admin contexts. The only documentation that I can find on this says that the firewall will pass the traffic as long as you don't enable the local dhcp server and you have to specify the traffic is allowed on both interfaces. I have made sure of all of this.

mschomburg · ‎10-06-2004

Do you have an ACL configured to allow the DHCP traffic? You have to specifically permit all traffic.

andy · ‎10-06-2004

The rules that I am using are the following. Which I believe should allow all DHCP traffic to pass the firewall.

object-group network ToInternet

network-object Vlan157 255.255.255.128

object-group service DHCP udp

port-object eq bootpc

port-object eq bootps

access-list outside_access_in extended permit icmp any Vlan157 255.255.255.128 log interval 10

access-list outside_access_in extended permit udp any Vlan157 255.255.255.128 object-group DHCP log interval 1

access-list outside_access_in extended permit eigrp any Vlan157 255.255.255.128

access-list inside_access_in extended permit udp Vlan157 255.255.255.128 any object-group DHCP log interval 1

access-list inside_access_in extended permit ip Vlan157 255.255.255.128 any log interval 10

mschomburg · ‎10-07-2004

You might try allowing "any any" for a brief test, just to see if this the problem.