
DHCP Through ASA 7.22 or 8.02 in transparent mode.

Patrick Laidlaw
Level 4

Hello,

Was trying to figure out how to permit DHCP through an ASA when it was in transparent mode. I was originally thinking I needed to use DHCPRELAY but it's only available in routed mode. I was trying to log everything and see if I could see my DHCP requests go out from the client but don't see anything in the logs.

Does anyone have any recommendations? I was thinking about doing a packet capture to see what traffic is coming from the client and then seeing how much of it I see on the other side of the ASA. Any suggestions are appreciated.

All posts will be rated until I get an Answer that works.

Also here is the topology.

Client-->Inside Int|Transparent ASA|Outside Int--->rtr--->DHCP Server

Thanks.

3 Replies

srue
Level 7

Note: DHCP relay services are not available in transparent firewall mode. A security appliance in transparent firewall mode only allows ARP traffic through. All other traffic requires an access control list (ACL). In order to allow DHCP requests and replies through the security appliance in transparent mode, you need to configure two ACLs:

* One ACL that allows DHCP requests from the inside interface to the outside, and
* One ACL that allows the replies from the server in the other direction

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008075fcfb.shtml
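
The two ACLs described in the reply above, together with the packet capture the original poster was considering, as an added example that is not from the thread participants or from the linked Cisco document. The ACL and capture names are assumptions; the interface names `inside` and `outside` follow the posted topology.

```cisco
! Constructed example. ACL names (INSIDE_DHCP, OUTSIDE_DHCP, CAP_DHCP) and
! capture names (CAP_IN, CAP_OUT) are hypothetical.

! --- Global configuration mode ---
! Client side: DHCP requests, UDP source port 68 (bootpc) to port 67 (bootps).
! A client without a lease sends from 0.0.0.0 to 255.255.255.255, hence "any".
access-list INSIDE_DHCP extended permit udp any eq bootpc any eq bootps
! Server/relay side: replies, UDP source port 67 to destination port 68.
access-list OUTSIDE_DHCP extended permit udp any eq bootps any eq bootpc

! An interface holds one inbound ACL. If one is already applied, add the
! permit line to that ACL instead of applying a new access-group.
access-group INSIDE_DHCP in interface inside
access-group OUTSIDE_DHCP in interface outside

! ACL used only to select DHCP traffic for the captures.
access-list CAP_DHCP extended permit udp any any eq bootps
access-list CAP_DHCP extended permit udp any any eq bootpc

! --- Privileged EXEC mode ---
! Capture on both interfaces to see on which side the exchange stops.
capture CAP_IN access-list CAP_DHCP interface inside
capture CAP_OUT access-list CAP_DHCP interface outside

! Renew the lease on the client, then compare both captures and
! check the hit counters on the two permit lines.
show capture CAP_IN
show capture CAP_OUT
show access-list INSIDE_DHCP
show access-list OUTSIDE_DHCP

! Remove the captures when finished.
no capture CAP_IN
no capture CAP_OUT
```

A request that appears in `CAP_IN` but not in `CAP_OUT` is being dropped by the appliance; a request in both with no reply in `CAP_OUT` points upstream of the firewall.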

Hello,

Appreciate your reply. I already read that document, though I missed the explicit ACL section for transparent.

Unfortunately I had already configured the ACLs to allow what I would expect for DHCP well before reading the part about an explicit ACL. It still does not work as expected. I even went so far as to put an ACL saying any any on both outgoing and incoming interfaces. I was hoping someone might have an example already.

Hello, almost the same problem.

Server DHCP (Inside) --Transparent-- Clients (Outside)

I did the same with the access-list, but it doesn't work.

Any ideas?
