05-30-2019 06:56 AM
Hello,
Currently our DHCP for VPN users is hosted on our Cisco ASA. We are thinking of moving it to our current Windows 2016 Server DHCP. Just trying to see what the best practice is in this regard: should we leave it as is, or move it to Windows DHCP, where all other scopes are hosted, even for our Cisco VoIP phones? We want to have one DHCP for all (All eggs in one basket :o))
What if the DHCP server is down then we will not be able to connect at all via VPN?
Please advise ...... your thoughts?
Thank you
05-30-2019 08:50 AM
Hello,
>> What if the DHCP server is down then we will not be able to connect at all via VPN?
Yes this is sure.
You can justify the need to keep this specialized DHCP scope on the ASA with this observation.
To be able to provide technical assistance when not in the office, remote access is needed for you and your colleagues.
For specific issues involving the DHCP server, you could not access the network remotely and you could not try to fix it. Someone should go to the offices at night time or on the weekends to check what is happening.
Hope to help
Giuseppe
06-03-2019 05:47 AM
Hello
Even though the ASA is capable of providing DHCP, it is a firewall at the end of the day, not a DHCP server. So if I had a choice, I would relocate DHCP services onto a designated server. This will not only provide the address allocation but also additional services like dynamic DNS registration/updates, DHCP resiliency, etc.
As for resiliency, when you have DHCP services on a server like W2k16 you can easily set up two servers providing address allocation (half per each scope), and if you have a failure the other server will take on the responsibility of the failed server, something I guess could be viable on the ASA FW (never done it myself), but it would be a lot more complex to set up and administer.
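One way to build the two-server arrangement described in the reply above is the Windows Server DHCP failover feature in load-balance mode with a 50/50 split. The script below is an added example, not part of the thread; the server names, scope, pool range and relationship name are constructed placeholders, and using failover load balancing for the "half per each scope" setup is an assumption.

```powershell
#Requires -Modules DhcpServer
# Added example: all names and addresses below are constructed placeholders.
$Primary  = 'dhcp01.example.internal'
$Partner  = 'dhcp02.example.internal'
$ScopeId  = '10.50.0.0'              # VPN client subnet (placeholder)
$Relation = 'vpn-pool-failover'

# Create the VPN pool on the primary only; failover replicates it to the partner.
if (-not (Get-DhcpServerv4Scope -ComputerName $Primary -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -ComputerName $Primary -Name 'VPN clients' `
        -StartRange 10.50.0.10 -EndRange 10.50.0.250 -SubnetMask 255.255.255.0 -State Active
}

# Prompt for the shared secret instead of storing it in the script.
# It authenticates failover traffic between the two partners.
$secure = Read-Host -Prompt 'Failover shared secret' -AsSecureString
$secret = [System.Net.NetworkCredential]::new('', $secure).Password

# Load-balance mode: each server answers for half of the clients and takes
# over the whole pool if its partner stays unreachable past the switch interval.
Add-DhcpServerv4Failover -ComputerName $Primary -PartnerServer $Partner -Name $Relation `
    -ScopeId $ScopeId -LoadBalancePercent 50 -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -AutoStateTransition $true -StateSwitchInterval (New-TimeSpan -Minutes 10) `
    -SharedSecret $secret -Force

# Report the relationship state as seen from each partner, so a broken or
# one-sided relationship is noticed before remote users depend on it.
function Test-DhcpFailoverHealth {
    param([string[]]$Servers, [string]$Name)
    foreach ($s in $Servers) {
        try {
            $rel = Get-DhcpServerv4Failover -ComputerName $s -Name $Name -ErrorAction Stop
            [pscustomobject]@{ Server = $s; State = $rel.State; Mode = $rel.Mode
                               Healthy = ($rel.State -eq 'Normal') }
        } catch {
            [pscustomobject]@{ Server = $s; State = 'Unreachable'; Mode = $null; Healthy = $false }
        }
    }
}

Test-DhcpFailoverHealth -Servers $Primary, $Partner -Name $Relation | Format-Table -AutoSize
```

Running the health check on a schedule and alerting on any row where `Healthy` is false addresses the concern raised earlier in the thread about losing VPN access when DHCP is down.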