IPSec VPN + Centralised DHCP Server + Remote DHCP clients

Sonugnair_2
Level 1

Hi,

I would like to know if the following scenario is possible or not.

There is an IPSec VPN between an ASA 5520 and another VPN device at a remote site. There is a central DHCP server in the INSIDE on the ASA. Now this ASA should release IP addresses to clients in the remote site located behind the VPN device at the other side. Is this possible?

DHCP uses broadcast and IPSec does not support broadcast or multicast. So is this scenario technically possible (using relay)?

Thanks and Regards

Sonu

3 Replies

aghaznavi
Level 5

An IPSEC VPN tunnel only works with unicast traffic. It does not work with multicast or broadcast. But DHCP requires broadcast. The solution for this is GRE over IPSEC. With a GRE IPSEC tunnel, multicast and broadcast are converted to unicast. So you can use a GRE tunnel between your VPN devices.

jeromecandiff
Level 1

The DHCP Offer is Layer 2. Since the ASA crypto ACL is all Layer 3, this won't work. You need an appliance that supports route-based VPNs.
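
The relay approach raised in the question, as an added example that is not part of any post in this thread: a DHCP relay agent on the remote LAN turns the client's broadcast DHCPDISCOVER into a unicast packet addressed to the central server, with its own address stamped into `giaddr`. The function names, IP addresses, MAC address and hop limit are constructed values chosen for illustration.

```python
import socket
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # RFC 2131 fixed header (236 bytes)
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC = bytes([99, 130, 83, 99])           # DHCP magic cookie
MAX_HOPS = 16                              # assumed relay hop limit

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER as a client broadcasts it on the remote LAN."""
    z = bytes(4)
    hdr = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000, z, z, z, z,
                      mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, end

def relay(packet: bytes, relay_ip: str, server_ip: str):
    """Return (src, dst, payload) for the unicast copy, or None to drop."""
    if len(packet) < BOOTP_LEN + 4 or packet[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC:
        return None                        # truncated or not DHCP
    f = list(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN]))
    if f[0] != 1 or f[3] >= MAX_HOPS:      # only BOOTREQUEST, bounded hops
        return None
    f[3] += 1                              # hops
    if f[10] == bytes(4):                  # giaddr unset: stamp relay address
        f[10] = socket.inet_aton(relay_ip)
    payload = struct.pack(BOOTP_FMT, *f) + packet[BOOTP_LEN:]
    return (relay_ip, 67), (server_ip, 67), payload

def giaddr_of(packet: bytes) -> str:
    """Read the relay (gateway) address back out of a BOOTP header."""
    return socket.inet_ntoa(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN])[10])

if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)
    src, dst, out = relay(pkt, "192.168.50.1", "10.0.0.10")
    print("client broadcast: 0.0.0.0:68 -> 255.255.255.255:67")
    print(f"relayed unicast : {src[0]}:{src[1]} -> {dst[0]}:{dst[1]}, giaddr={giaddr_of(out)}")
```

The relayed packet is ordinary unicast UDP between the relay address and the DHCP server, so the traffic selectors on both tunnel endpoints have to include that address pair for the exchange to cross the tunnel.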
