Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
630
Views
0
Helpful
3
Replies

DHCP pools on ASA 5510/5520

mx
Level 1
Level 1

‎05-08-2008 12:10 PM - edited ‎03-11-2019 05:42 AM

Hi. I cant seem to figure out how to have a dhcp pool for inside users that is a different subnet than what the inside interface is.

For example, inside interface is 10.0.0.1/24 but I want dhcp pool to be 10.1.0.1/24 Honestly, this is for a customer and I dont know his reasoning behind it, so I cant address that.

I read this document: http://cisco.com/en/US/docs/security/asa/asa71/configuration/guide/ip.html

And it didnt tell me I could or couldnt do it. Am I just missing something?

Thanks!

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎05-08-2008 01:31 PM

Bob,

The way it works at least as I understand it is if a physical interface ip in your scenario is 10.0.0.1/24 DHCP can be enable in the interface to provide dhcp services for that particular network, that said, if your client wants to have another network routed within the firewall in the case of 10.1.0.1/24 and have dhcp services it would have to be in a different interface.

The question for you would be does your client already have a subnet with 10.1.0.1/24 somewhere in the network and wants firewall to be dhcp server for that subnet? if this is the case you cannot create a pool in firewall off the 10.0.0.1 interface to be a different network other than to be within the 10.0.0.1/24 network.

If your client wants to create another inside network to be routed in the firewall with 10.1.0.1/24 you could create subinterfaces and use 802.1q trunking, so you could have 10.0.0.1/24 say as inside1 for sub.interface name with security 100 and another subinterface named inside2 with IP 10.1.0.1/24 with same sec level of 100 as inside1, then you can have dhcp enabled on the two subinterfaces to service IPs on each subnet.

Now forget all above for a minute, if your client just wanst to change dhcp pool to be 10.1.0.1/24 then the inside interface ip address have to coinside with dhcp pool so your inside interface must change to 10.1.0.1/24 then create dhcp pool on interface.

hope this makes sence

Rgds

-Jorge

Jorge Rodriguez
0 Helpful

mx
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎05-09-2008 03:19 AM

Thank you Jorge. So it looks like we are on the same page with this. I understand I can have a DHCP pool PER INTERFACE and can be on different subnets, just not different subnets on the same interface. Ill have a conference call with the client at 1:30 to see his reasoning.

Thanks for the verification.

Bob

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to mx

‎05-09-2008 06:07 AM

Bob, you are welcome.

Indeed, it would be helpful to understand your clients requirements as well as to understand its topology on both firewalls asa5510/asa5520 to see what options there could be based on accurate provided information and be able to assist you better.

Rgds

-Jorge

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card