Remote Office VPN using Cisco ASA

NetSupport DPS
Level 1

We are trying to establish an IPSEC tunnel with remote offices using a hairpin turn for Internet traffic at the headquarters office. We need to set up a DHCP relay server for an internal server, but when we do "dhcprelay server ip_address outside" it sends the DHCP requests to the Internet. If we try to set up "dhcprelay server ip_address inside" it gives the error that we cannot send DHCP requests out the same interface that would be receiving them. Any ideas appreciated.

2 Replies

Philip D'Ath
VIP Alumni

You need two commands:

dhcprelay enable <interface>

This causes the ASA to listen to DHCP messages from clients on <interface>.

Then you need:

dhcprelay server a.b.c.d outside

This causes the ASA to send the DHCP relay requests to DHCP server a.b.c.d located on the outside interface.

You do not need a DHCP relay service on the same interface on which a DHCP server resides, as obviously the DHCP server can answer the questions directly.

On the headquarters ASA is the command:

object network obj-ip_address
  nat (outside,outside) dynamic interface

This allows traffic designated for "outside" to hairpin to the Internet and also sends DHCP requests to the open Internet and not to our DHCP server.