
DHCPRELAY between two Site to site VPNS

juan-ruiz
Level 1

I have a main site with an ASA 5520 and a remote site with an ASA 5505.

The main site has a Windows 2003 server that is the DHCP server 10.25.5.15.

The DHCP server has the scope 10.100.3.200-254/24 along with the options I need configured.

The remote site ASA 5505 needs to be set up for DHCP relay to send the packets to the DHCP server 10.25.4.15.

Can someone assist me with the configuration?

This is what I tried, but I am not sure if it is correct.

dhcprelay server 10.25.4.15 outside
dhcprelay setroute inside

Also, when I execute the command dhcprelay enable inside, it takes, but I do not see a configuration after I do a show run | gre dhcprelay.

Thanks very much for everyone’s assistance.

Regards,

Juan

 


Jennifer Halim
Cisco Employee

If you have a site-to-site VPN between the 2 sites, you would need to configure the dhcprelay server on the inside interface so the DHCP unicast request can be sourced from the inside interface, as the crypto ACL is normally defined between local LAN and remote LAN.

You would need to configure the following:

dhcprelay server 10.25.4.15 inside

dhcprelay enable inside

dhcprelay setroute inside

Also, you want to make sure that the ASA is not configured as a DHCP server itself, as the DHCP server feature and the DHCP relay feature can't co-exist.

Here are a couple more restrictions on the DHCP relay feature on the ASA for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/dhcp.html#wp1041663

Hope that helps.

I'm trying a similar config (site to site between two 5510, remote site should pull DHCP addresses from head office) but cannot issue the commands listed as the ASA won't configure the relay components like that. Have I missed something incredibly obvious?

If I try to create the server group and then enable relaying:
Stratfw(config)# sh ru | grep dhcprelay
dhcprelay server 192.168.1.51 inside
dhcprelay setroute inside
dhcprelay timeout 60
Stratfw(config)# dhcprelay enable inside
DHCP: There is a DHCP Server '192.168.1.51' configured on interface 'inside'! DHCP Relay cannot receive DHCP requests and forward them on the same interface.

Or if I try to enable relaying and then the server group:

Stratfw(config)# sh ru | grep dhcprelay

dhcprelay enable inside
dhcprelay setroute inside
Stratfw(config)# dhcprelay server 192.168.1.51 inside
DHCP: DHCP RELAY SERVER is already enabled on interface 'inside'! DHCPRA cannot receive DHCP requests and forward them to a server on the same interface.
DHCP: Interface 'inside' is currently configured as RELAY SERVER and cannot be changed to a RELAY by a RELAY feature

Try dhcprelay server 192.168.1.51 outside.

Is the 192.168.1.51 server on the other side of the VPN?

Hello gregbeifuss, I just came across your post regarding the error you get when trying to enable dhcprelay on the INSIDE port. I am having the same issue with an ASA 5505 and I was wondering if you found a solution to your problem that you can share? It's driving me nuts and I can't seem to find any solutions to this issue. Any help is appreciated! Thanks, Marv

dhcprelay server 192.168.1.100 LAN
dhcprelay setroute LAN
dhcprelay enable LAN

DHCP: There is a DHCP Server '192.168.1.100' configured on interface 'LAN'!
DHCP Relay cannot receive DHCP requests and forward them on the same interface.
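
The rejection shown in the errors above can be caught before the lines are pasted into a firewall. The following is an added example, not part of the thread or of any Cisco tooling: a small Python check over dhcprelay/dhcpd configuration lines. The function name `lint_dhcprelay`, the finding codes and the sample inputs are hypothetical and constructed for illustration.

```python
import re

# Constructed sample: the three lines suggested in the first reply.
SAMPLE_SAME_IF = """\
dhcprelay server 10.25.4.15 inside
dhcprelay enable inside
dhcprelay setroute inside
"""

# Constructed sample: server on a different interface than the clients,
# as in the original post and the later "try ... outside" reply.
SAMPLE_SPLIT_IF = """\
dhcprelay server 10.25.4.15 outside
dhcprelay enable inside
dhcprelay setroute inside
"""

# Matches "dhcprelay server <ip> <if>", "dhcprelay enable <if>", "dhcpd enable <if>".
LINE_RE = re.compile(r"^\s*(dhcprelay|dhcpd)\s+(server|enable)\s+(?:(\S+)\s+)?(\S+)\s*$")

def lint_dhcprelay(config_text):
    """Return (code, interface) findings; function and codes are hypothetical names."""
    servers, relay_on, dhcpd_on = set(), set(), set()
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        feature, verb, arg, ifname = m.groups()
        if feature == "dhcprelay" and verb == "server" and arg:
            servers.add(ifname)
        elif feature == "dhcprelay" and verb == "enable":
            relay_on.add(ifname)
        elif feature == "dhcpd" and verb == "enable":
            dhcpd_on.add(ifname)
    findings = []
    # The rejection shown in the thread: relay enabled on the interface
    # that also holds the relay server.
    findings += [("SERVER_AND_CLIENTS_SAME_IF", i) for i in sorted(relay_on & servers)]
    # Per the first reply: the ASA's DHCP server and DHCP relay cannot co-exist.
    if relay_on:
        findings += [("DHCPD_WITH_RELAY", i) for i in sorted(dhcpd_on)]
    # Relay server defined but relay never enabled for any client interface.
    if servers and not relay_on:
        findings += [("RELAY_NOT_ENABLED", i) for i in sorted(servers)]
    return findings
```

Lines carrying a CLI prompt (for example `Stratfw(config)# ...`) are ignored, so feed it the bare configuration lines.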