04-20-2008 08:31 AM - edited 02-21-2020 01:59 AM
Hi,
I would like to know if the following scenario is possible or not.
There is an IPSec VPN between an ASA 5520 and another VPN device at a remote site. There is a central DHCP server in the INSIDE on the ASA. Now this ASA should release IP address to clients in the remote site located behind the VPN device at the other side. Is this possible?
DHCP uses broadcast and IPsec does not support broadcast or multicast. So is this scenario technically possible (using relay)?
Thanks and Regards
Sonu
04-25-2008 05:46 AM
An IPsec VPN tunnel only works with unicast traffic. It does not work with multicast or broadcast. But DHCP requires broadcast. The solution for this is GRE over IPsec. With a GRE over IPsec tunnel, multicast and broadcast are converted to unicast. So you can use a GRE tunnel between your VPN devices.
07-23-2009 12:36 AM
09-09-2009 08:42 AM
The DHCP Offer is Layer 2. Since the ASA crypto ACL is all Layer 3, this won't work. You need an appliance that supports route-based VPNs.