09-06-2016 12:55 AM
I have an ASA on ver 9.0.1 at the site and an ASA on ver 8.2.5 at the center.
When configuring dhcprelay through the site-to-site VPN, it's not working.
I can see at the center ASA the broadcast packet and not the IP of the ASA outside interface.
I saw that there is a bug in older versions, but we are not there.
Using another FW instead of the ASA at the site works fine.
09-06-2016 06:57 PM
Hi brinat,
I am not aware of any known issue with this type of configuration. Can you share the tunnel configuration and the DHCP relay config as well?
This document explains all the configuration:
https://supportforums.cisco.com/blog/149511
Hope this info helps!!
Rate if helps you!!
-JP-
09-06-2016 11:09 PM
Hi brinat,
The concept behind getting this to work is pretty simple: we must understand the role of one of the ASAs as DHCP relay agent.
From the ASA acting as a DHCP relay agent, you should be able to ping the DHCP server from your inside interface, or the interface behind which the DHCP clients are. So, for example:
ping inside 192.168.1.12
with 192.168.1.12 being the DHCP server IP address. You just need to ensure that you have the inside IP address and the destination DHCP server IP address defined in the crypto access-list.
Once we have done that, we are clear on the crypto side of things, and we then need to configure the ASA as a DHCP client. The configuration is simple:
dhcprelay server 192.168.1.12 outside
dhcprelay enable inside
By doing that, we are setting up the ASA to act as a relay agent during the DORA process (with the command dhcprelay enable inside) and also defining our DHCP server on the outside (dhcprelay server 192.168.1.12 outside).
To understand more about DHCP server relay operation, refer to the document
Hope that helps
Thanks
Shakti