DHCP Through ASA 7.22 or 8.02 in transparent mode.

Unanswered Question
Jul 5th, 2007
Hello,


Was trying to figure out how to permit DHCP through an ASA when it was in transparent mode. I was originally thinking I needed to use DHCPRELAY but it's only available in routed mode. I was trying to log everything and see if I could see my DHCP requests go out from the client but don't see anything in the logs.


Does anyone have any recommendations? I was thinking about doing a packet capture to see what traffic is coming from the client and then seeing how much of it I see on the other side of the ASA. Any suggestions are appreciated.


All posts will be rated until I get an Answer that works.


Also here is the topology.


Client-->Inside Int|Transparent ASA|Outside Int--->rtr--->DHCP Server


Thanks.

srue Thu, 07/05/2007 - 11:14
Note: DHCP relay services are not available in transparent firewall mode. A security appliance in transparent firewall mode only allows ARP traffic through. All other traffic requires an access control list (ACL). In order to allow DHCP requests and replies through the security appliance in transparent mode, you need to configure two ACLs:


  • One ACL that allows DHCP requests from the inside interface to the outside, and
  • One ACL that allows the replies from the server in the other direction

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008075fcfb.shtml
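
The two ACLs described in the reply above, sketched as an added example that is not part of the original thread or the linked Cisco document, followed by captures on both interfaces to check whether the requests and replies actually cross the appliance. The ACL and capture names are assumptions, the interface names `inside` and `outside` follow the topology in the question, and the router is assumed to relay DHCP toward the server.

```text
! Added example; all ACL and capture names are illustrative assumptions.
!
! Requests: client (UDP 68) to server or relay (UDP 67),
! arriving on the inside interface.
access-list INSIDE_DHCP extended permit udp any eq bootpc any eq bootps
access-group INSIDE_DHCP in interface inside
!
! Replies: server or relaying router (UDP 67) to client (UDP 68),
! arriving on the outside interface.
access-list OUTSIDE_DHCP extended permit udp any eq bootps any eq bootpc
access-group OUTSIDE_DHCP in interface outside
!
! Capture DHCP on both sides of the appliance to compare what
! enters one interface with what leaves the other.
access-list CAP_DHCP extended permit udp any any eq bootps
access-list CAP_DHCP extended permit udp any any eq bootpc
capture CAP_IN access-list CAP_DHCP interface inside
capture CAP_OUT access-list CAP_DHCP interface outside
!
! After a client renew: packets seen on each side, and ACL hit counts.
show capture CAP_IN
show capture CAP_OUT
show access-list INSIDE_DHCP
show access-list OUTSIDE_DHCP
```

`access-group` replaces any ACL already applied in that direction on the interface, so on a device with existing rules the two permit lines belong inside the ACLs that are already bound there.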

Patrick Laidlaw Thu, 07/05/2007 - 11:44
Hello,


Appreciate your reply, I already read that document though I missed the explicit ACL section for transparent.


Unfortunately I had already configured the ACLs to allow what I would expect for DHCP well before reading the part about an explicit ACL. It still does not work as expected. I even went so far as to put an ACL saying any any on both outgoing and incoming interfaces. I was hoping someone might have an example already.