Re: DHCP server problem

elecorbalan · ‎11-25-2008

Hello, I try to establish an external DHCP server for a remote server VPN. With a capture, I can see packets going to DHCP server but I can't see any response from DHCP server.

How can I see response incoming in from DHCP server on my capture?

tunnel-group TunelVPN general-attributes

default-group-policy TunelVPN

dhcp-server 10.0.0.4

The capture is

30: 18:18:52.662380 10.0.0.22.68 > 10.0.0.4.67: udp 548

31: 18:18:55.659694 10.0.0.22.68 > 10.0.0.4.67: udp 548

32: 18:18:59.659694 10.0.0.22.68 > 10.0.0.4.67: udp 548

33: 18:19:04.659694 10.0.0.22.68 > 10.0.0.4.67: udp 548

elecorbalan · ‎11-25-2008

I think I should get a broadcast like this:

34: 18:20:43.277375 10.0.0.2.138 > 10.0.0.255.138: udp 239

35: 18:20:43.277451 10.0.0.2.138 > 10.0.0.255.138: udp 208

36: 18:20:46.309386 10.0.0.2.138 > 10.0.0.255.138: udp 239

37: 18:20:46.309447 10.0.0.2.138 > 10.0.0.255.138: udp 208

38: 18:24:49.758871 10.0.0.2.138 > 10.0.0.255.138: udp 239

39: 18:24:49.758948 10.0.0.2.138 > 10.0.0.255.138: udp 208

ariesc_33 · ‎11-26-2008

are you using the ip helper command on your firewall?

with IPsec, you can only turn a broadcast into a directional

broadcast with the ip helper

address command on the inside of your source.

elecorbalan · ‎11-27-2008

There is no ip helper command on ASA

Thanks

ariesc_33 · ‎11-27-2008

then try configuring it because the dhcp request is a broadcast and it wont reach the other site without the directed broadcast

elecorbalan · ‎12-11-2008

Finally,

It is right to send a unicast.

But I can't receive any response from the server.

Maybe I have to configure a DHCP relay, do you know if it is needed to configure a DHCP relay? Because I have to unconfigure DHCP server from VPN tunnel-group to configure DHCP relay.