07-08-2015 11:13 AM - edited 03-05-2019 01:50 AM
Hi
I am not sure if this is the correct forum but I need to configure an ASA 5506X to do NAT routing. I think I have successfully configured the internal and external interfaces but so far it is still not working.
Any assistance would be appreciated.
07-13-2015 02:48 PM
Hi
Thank you.
I got it up and running and realised I can use the firewall as my gateway. However, is there a way to do this:
1) Not using DHCP on the inside firewall
2) Ensure that all internal traffic is still sent to my internal DNS first. I know I can add it as one of the DNS servers but I am unclear of the implications.
Thank you again for your continued help.
07-09-2015 08:23 AM
I restarted all devices and now the test machine shows connected but it still cannot browse the internet. I can browse if I connect directly to the other router on the 192.168.0.1.
07-12-2015 12:00 AM
Paul,
Try to answer the following and I will try to provide you with the full commands you need. You will just copy and paste them into your router.
1- Your public IP address is __________ with subnet mask __________.
2- Your public IP gateway is __________.
3- Your DNS is _________________.
(The above addresses are provided to you by your ISP.)
4- How many internet users do you have inside your company?
5- Do you have a specific range of IP addresses for your internal network, or can we provide you with a standard range?
6- Do you need a DHCP service to run on your network, or will you distribute static IP addresses to hosts?
7- Are there specific Gig ports on your ASA that you need to work as WAN and LAN, or not?
Regards
07-12-2015 05:12 PM
Hi;
I do not have the public IP address. The way it is configured is as follows:
- DIA with Public IP address which I do not presently know. The connection from the DIA has an IP address of - 192.168.0.1; 255.255.255.0 - That is the Gateway and DHCP server from the DIA connection.
Inside users is presently at 20. Internal is 10.0.0.X; subnet 255.255.255.0
There is a DHCP internally
ASA Gigabit 1/1 for Outside; Gigabit 2 is inside.
07-13-2015 05:36 AM
Paul,
You didn't provide a DNS address. I already used a public one and you can change it anyway.
* for your outside interface use..
!
interface gigabitethernet1/1
nameif outside
security-level 0
ip address dhcp setroute
no shutdown
!
*for your inside interface use...
!
interface gigabitethernet1/2
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
no shutdown
!
*to enable DHCP service on your internal network use...
!
dhcpd dns 4.2.2.2 4.2.2.3
dhcpd lease 3000
dhcpd ping_timeout 30
!
!
dhcpd address 10.0.0.100-10.0.0.250 inside
dhcpd enable inside
!
* to enable the NAT process outside to/from inside use...
!
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0
access-group 101 in interface outside
!
* to enable telnet on inside interface use...
!
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 10
!
* to save the configuration use the ( write ) command.
Also, don't forget to enable a password for the device.
Regards
Please rate helpful posts
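The same setup in the syntax used by ASA software 8.3 and later (which includes the 9.x releases the 5506-X runs), where the `global` / `nat (inside) 1` pair is replaced by object NAT, with SSH in place of telnet for management. This is an added example, not a configuration posted in the thread; the object name INSIDE-NET, the username admin and the password placeholders are assumptions.

```cisco
! Added example, not from the thread. INSIDE-NET and "admin" are hypothetical names.
!
! Dynamic PAT: hide 10.0.0.0/24 behind whatever address the outside
! interface received by DHCP (replaces "global (outside) 1 interface"
! plus "nat (inside) 1 10.0.0.0 255.255.255.0").
object network INSIDE-NET
 subnet 10.0.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! No access-group is required on the outside interface for outbound browsing:
! traffic from security-level 100 to security-level 0 is permitted by default
! and return TCP/UDP traffic is allowed statefully. ICMP is not inspected by
! default, so ping replies are dropped unless inspection is added:
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Management over SSH from the inside network instead of telnet.
! Replace the placeholders with your own values.
username admin password <CHOOSE-A-PASSWORD> privilege 15
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 2048
ssh 10.0.0.0 255.255.255.0 inside
ssh timeout 10
enable password <CHOOSE-AN-ENABLE-PASSWORD>
!
! After a test host has opened a connection, verify from privileged EXEC with:
!   show nat detail
!   show xlate
```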
07-13-2015 06:56 AM
Hi;
Please clarify :
What are the implications for my existing DHCP server if I enable DHCP as above on my internal network as per the instructions above? Also how will it affect my internal DNS?
It just occurred to me that in the proposed configuration the ASA would have to be my gateway. Is this correct?
DIA (192.168.0.1, 255.255.255.0- Provides DHCP) -----> Cisco 3960 ------> (DHCP) ASA 5506 (10.0.0.1, 255.255.255.0) -------> HP Switch -------> Server (DHCP ,DNS 10.0.0.11; 255.255.255.0)
07-13-2015 09:39 AM
Hi
I got it working in my test environment using a combination of information from your thread and the other person's. However, I have a TP Link which is acting as my gateway/switch in my test environment with IP address 10.0.0.2. What would you recommend I use in my live environment?
07-13-2015 02:43 PM
Hi
I realise I can use the firewall as my gateway. However, is there a way to do this:
1) Not using DHCP on the inside firewall
2) Ensure that all internal traffic is still sent to my internal DNS first. I know I can add it as one of the DNS servers but I am unclear of the implications.
Thank you again for your continued help.
07-13-2015 03:59 PM
Hi Paul,
The device that holds the NAT or route process, or both, should be the gateway for the internal network.
You can choose to run the DHCP service on your gateway or on any other server on the network. But when using a DHCP server other than the gateway, you should pay attention that we assign a static IP address to the LAN interface of the gateway, so we don't want the DHCP server to distribute the same IP address to the network. The LAN interface IP address must be excluded.
Internet frame flow from the inside network to the outside cannot be affected by using an internal or external DNS server. But in my opinion, using an internal DNS server is much more secure for the network devices and hosts.
I'm ready to help anytime, so don't hesitate to contact me. Just don't forget to rate helpful posts.
Regards
07-13-2015 06:39 PM
So to be clear. I configured the Firewall with the IP address I have setup in the DHCP as the gateway.
Is it that you are saying that even if I leave it as is with the external DNS I will not have an issue? If I put the internal DNS on the firewall, will I have to configure a forwarder in my DNS server so that it forwards the external traffic, and if I do, should I use the firewall?
Sorry about the ratings. Did not pay attention.
07-14-2015 02:52 AM
1) You configured the firewall with an IP address that must be considered by the DHCP server as EXCLUDED, and thus not assigned to another device on the network.
2) No implications if you use your DNS inside your network or use a public one.
Greetings
07-14-2015 11:38 AM
07-14-2015 02:53 PM
You didn't apply the NAT configuration in the right way; check the configuration above.
- Were your hosts delivered an IP address?