Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
808
Views
0
Helpful
2
Replies

ASA Dynamic VPN and DHCP Relay - If this is possible, how to?

Sandeep Rai
Level 1
Level 1

‎12-28-2013 09:20 AM

Hi Experts,

I've got an interesting setup to deploy that I've been struggling to implement yet.

First the picture, then the words follow:

ASA-5505.png

Specifications / Limitations:

1. Head Office: ASA-5512 running 8.4 and corporate data centre with DHCP central services.

2. I've been tasked to deploy a temporary kiosk or a whole branch site as per above topology

   2. a. No gurantee of a fixed IP to the outside of the ASA5505 branch router by ISP.

        b. SDSL may provide a possibility of a fixed static IP address.

3. I have managed to create a IPSEC VPN tunnel successfully by employing a dynamic crypto map on ASA 5512.

4. The requirement is that the DHCP server should be centralised and thus a DHCP relay needs to be setup on the inside of ASA5505.

It is the points 2.a and 4 which are stumbling me.

I have already gone through the following links:

https://supportforums.cisco.com/thread/221243

https://supportforums.cisco.com/thread/2054584

https://supportforums.cisco.com/thread/2058531

https://supportforums.cisco.com/thread/2170335

and of course

https://supportforums.cisco.com/docs/DOC-16314 and

http://www.cisco.com/en/US/products/ps12726/products_configuration_example09186a0080c144d0.shtml

If I have to meet the 4th condition, with the current setup, is it possible or will I have to stick with either a static IP address for my outside on the ASA5505 or may be setup the DHCP. Basically, I am questioning the credibility of the design and if this can somehow be achieved?

Thanks,

Sandeep

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Dan Knight
Level 1
Level 1

‎02-18-2014 08:08 AM

Hi Sandeep.  Did you ever figure this out?  I'm running into the exact same issue.

0 Helpful

Sandeep Rai
Level 1
Level 1
In response to Dan Knight

‎02-18-2014 08:25 AM

Hi Dan,

I read a lot about this. I've concluded it's not possible to implement this "reliably".

As you'll need to include dynamic ip address's entire prefix of the dynamic peer itself. I decided to explain to client that they'd have to settle for local dhcp.

Sorry.   

0 Helpful
Customers Also Viewed These Support Documents