DHCP Server on ASA vs DHCP on Windows Server

AffEsol051134
Level 1

Hello,

Currently our DHCP for VPN users is hosted on our Cisco ASA. We are thinking of moving it to our current Windows 2016 Server DHCP. Just trying to see what the best practice is in this regard: should we leave it as is, or move it to Windows DHCP, where all other scopes are hosted, even for our Cisco VoIP phones? We want to have one DHCP for all (All eggs in one basket :o))

What if the DHCP server is down then we will not be able to connect at all via VPN?

Please advise ...... your thoughts?

Thank you


Accepted Solution

Giuseppe Larosa
Hall of Fame

Hello,

>> What if the DHCP server is down then we will not be able to connect at all via VPN?

Yes, this is sure.

You can justify the need to keep this specialized DHCP scope on the ASA with this observation.

To be able to provide technical assistance when not in the office, remote access is needed for you and your colleagues.

For specific issues involving the DHCP server, you could not access the network remotely and you could not try to fix it. Someone should go to the offices at night or on the weekends to check what is happening.

Hope to help

Giuseppe

Hello

Even though the ASA is capable of providing DHCP, it is a firewall at the end of the day, not a DHCP server, so if I had a choice I would relocate DHCP services onto a designated server. This will not only provide the address allocation but additional services like dynamic DNS registration/updates, DHCP resiliency, etc.

As for resiliency, when you have DHCP services on a server like W2k16 you can easily set up two servers providing address allocation (half per each scope), and if you have a failure the other server will take on the responsibility of the failed server, something I guess could be viable on the ASA FW (never done it myself), but it would be a lot more complex to set up and administer.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
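
Added example, not part of the original thread: one way to build the two-server arrangement described in the reply above on Windows Server 2016, using the built-in DHCP failover feature in load-balance mode at 50/50, so the VPN scope keeps issuing leases if one server is down. The host names, scope, address range and relationship name are constructed placeholders, and choosing load-balance failover (rather than a manually split scope) is an assumption.

```powershell
# Added example. All names and addresses below are constructed placeholders.
Import-Module DhcpServer

$Primary  = 'dhcp01.example.internal'   # existing Windows DHCP server (placeholder)
$Partner  = 'dhcp02.example.internal'   # second DHCP server (placeholder)
$VpnScope = '10.99.0.0'                 # scope reserved for VPN clients (placeholder)
$Relation = 'VPN-Scope-Failover'        # failover relationship name (placeholder)

# Create the VPN client scope on the primary if it does not exist yet.
$existing = Get-DhcpServerv4Scope -ComputerName $Primary -ScopeId $VpnScope `
                -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DhcpServerv4Scope -ComputerName $Primary -Name 'VPN clients' `
        -StartRange 10.99.0.10 -EndRange 10.99.0.250 `
        -SubnetMask 255.255.255.0 `
        -LeaseDuration (New-TimeSpan -Hours 8) -State Active
}

# The shared secret authenticates failover messages between the two servers.
# Prompt for it instead of storing it in the script.
$Secret = Read-Host -Prompt 'Failover shared secret'

# Load-balance mode: each server answers about half of the clients, and the
# surviving partner takes over the whole scope after the switch interval.
Add-DhcpServerv4Failover -ComputerName $Primary -PartnerServer $Partner `
    -Name $Relation -ScopeId $VpnScope `
    -LoadBalancePercent 50 `
    -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -AutoStateTransition $true `
    -StateSwitchInterval (New-TimeSpan -Minutes 10) `
    -SharedSecret $Secret

# Confirm the relationship is up and the scope was replicated to the partner.
Get-DhcpServerv4Failover -ComputerName $Primary -Name $Relation |
    Select-Object Name, PartnerServer, Mode, State, LoadBalancePercent

Get-DhcpServerv4ScopeStatistics -ComputerName $Partner -ScopeId $VpnScope |
    Select-Object ScopeId, Free, InUse, PercentageInUse
```

With both servers listed as DHCP servers for the VPN tunnel group on the ASA, the loss of one server no longer blocks new VPN sessions, which addresses the single-point-of-failure concern raised in the question.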