Beginner DHCP-ASA-Internal Network issues

LPFJoao
Level 1

Hi everyone, I'm starting to learn CPT and I got this exercise where I have to create a firewall in between my internal network, outside network and DMZ zone, which has a DHCP server. And I'm having issues configuring my ASA to allow the PC on the internal network to be able to get these DHCP IPs.

Please be gentle, it's been ' days since I started learning Cisco and my overall experience in this sector is kinda new.
Thanks in advance

6 Replies

marce1000
Hall of Fame

 

   - FYI : Community group for Packet Tracer project questions

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

@LPFJoao 

 I took a look at your project and I would like to suggest one change. But keep in mind that the ASA in PacketTracer is very buggy. I saw that you are connecting your layer2 switches to the firewall interface, which means that when the PC sends a broadcast on the network asking for DHCP, this broadcast should get to the ASA inside interface and then be forwarded to the DHCP server on the DMZ. 

 This will not work. My suggestion is for you to use a layer3 switch before the ASA, create an interface vlan on the layer3 switch and add the command "ip helper-address" on the interface vlan. This way the DHCP request from your local network to the DHCP server will cross the firewall as unicast and not broadcast. 

 Between the ASA and the Layer3 switch you can create a transit network. Make sure you can ping the ASA from the layer3 switch because otherwise you are dealing with a buggy ASA and you will be wasting time trying to troubleshoot. If necessary, replace the ASA with another ASA. 

 Hope this can help you.
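
A sketch of the layout suggested in the reply above, added here as an illustration and not taken from the poster's project. Every VLAN number, interface and address is constructed, and the ASA interfaces are assumed to be already named `inside` and `dmz` with the DMZ at a lower security level.

```cisco
! ---- Layer 3 switch (constructed values) ----
! Gateway for the internal PCs; relays their DHCP broadcasts
! to the DMZ server as unicast.
ip routing
!
interface Vlan10
 description Internal PCs
 ip address 192.168.10.1 255.255.255.0
 ! DHCP server in the DMZ (constructed address)
 ip helper-address 172.16.50.10
!
interface GigabitEthernet0/1
 description Transit network to ASA inside
 no switchport
 ip address 10.0.0.2 255.255.255.252
!
! Everything not local goes to the ASA inside address
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
! ---- ASA (inside = 10.0.0.1/30, dmz = 172.16.50.1/24 assumed) ----
! The ASA needs a route back to the PC subnet behind the switch.
route inside 192.168.10.0 255.255.255.0 10.0.0.2
!
! The server answers the relay address (the Vlan10 IP) on UDP 67.
! Permit only that one flow from the DMZ instead of opening
! UDP 67/68 between the whole networks.
access-list DMZ_IN extended permit udp host 172.16.50.10 host 192.168.10.1 eq bootps
access-group DMZ_IN in interface dmz
!
! ---- Checks ----
! On the switch: ping 10.0.0.1         (transit link to the ASA)
! On the ASA:    show access-list DMZ_IN   (hit count rises on a lease)
```

The DHCP pool on the server has to cover 192.168.10.0/24 with 192.168.10.1 as the default gateway, since the server picks the pool from the relay address it sees in the request.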

Thank you very much for your swift response, I will try to put this to work. I'm still quite a novice on this matter.

But I really appreciate the pointers. Now I just need to learn how to put it in place.

@LPFJoao 

 Here is a simple project that uses ASA and DHCP. You can use it as a basis to continue your learning.

vishalbhandari
Spotlight

@LPFJoao To allow the internal PC to get an IP from the DHCP server in the DMZ on your ASA, you need to permit DHCP traffic between the internal network and the DMZ. On the ASA, enable DHCP relay by configuring the internal interface with dhcprelay server <DHCP Server IP> <interface> (replace <DHCP Server IP> with your DHCP server's IP and <interface> with the DMZ interface). Also, ensure the access control list (ACL) allows UDP traffic on ports 67 and 68 between the internal network and the DMZ. Finally, verify your NAT and security-level configurations to ensure traffic can flow correctly.

I tried to use the CLI with the dhcprelay commands to configure the ASA but it always comes back with an error...